CVE-2025-26421
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-05
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 13.0 | |
| android | 14.0 | |
| android | 15.0 | |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-290 | This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-26421 is a vulnerability in the Android platform where a logic error allows bypassing the lock screen. This flaw enables a local escalation of privilege without needing any additional execution privileges or user interaction, meaning an attacker with local access could gain higher privileges by bypassing the lock screen security.
How can this vulnerability impact me?
This vulnerability can allow an attacker with local access to bypass the lock screen and escalate their privileges on the device without needing further permissions or user interaction. This could lead to unauthorized access to sensitive data or the ability to modify critical system packages, potentially compromising the security and integrity of the device.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your Android system is updated with the latest security patches that enforce biometric authentication for sensitive package management operations. This includes requiring biometric verification when disabling, force-stopping, or uninstalling updates of protected packages. Applying these updates will prevent unauthorized modifications to critical system packages and protect against the lock screen bypass vulnerability. [1, 2]