CVE-2025-26423
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-09-05

Assigner: Android (associated with Google Inc. or Open Handset Alliance)

Description
In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-09-05
Generated
2026-06-16
AI Q&A
2025-09-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-26423
EUVD
EUVD-2025-26859
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
google android 13.0
google android 14.0
google android 15.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the validateIpConfiguration method of WifiConfigurationUtil.java in Android. Due to a missing bounds check, it is possible to trigger a permanent denial of service (DoS). This flaw allows local escalation of privilege without needing any additional execution privileges or user interaction. Essentially, improper validation of IP configuration data can be exploited to disrupt the Wifi service. [1]

Impact Analysis

The vulnerability can lead to a permanent denial of service on the affected device's Wifi service, potentially causing loss of network connectivity. Additionally, it allows a local attacker to escalate their privileges without requiring extra execution rights or user interaction, which could compromise device security and stability. [1]

Mitigation Strategies

Apply the patch that fixes the vulnerability by updating the Android platform's Wifi module to include the size check for IP configuration data as implemented in the commit with hash 01e708a7a9af970b3aa40cdca2cbde71d07a859b. This patch addresses the issue in WifiConfigurationUtil.java and prevents the permanent DoS and privilege escalation by validating IP configuration size before processing. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-26423. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart