CVE-2025-26427
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-05
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 13.0 | |
| android | 14.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-24 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a path traversal error in multiple locations of the Android platform that allows unauthorized access to the Android/data directory. Exploiting this flaw can lead to a local escalation of privilege without needing additional execution privileges, but it requires user interaction to be exploited.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to gain elevated local privileges on an Android device by accessing restricted directories such as Android/data. This could lead to unauthorized access to sensitive data stored in these directories, potentially compromising user data and device security. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking for unauthorized access attempts to the Android/data directory or related sensitive directories on shared storage. Since the vulnerability is due to a path traversal error allowing local escalation of privilege, monitoring file system access logs for unusual access patterns to Android/data/, Android/obb/, or Android/sandbox/ directories can help. Specific commands depend on the system, but on an Android device with root access, you could use commands like 'logcat' to monitor system logs or 'auditctl' to set audit rules for access to these directories. However, no specific detection commands are provided in the available resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Android system to a version that includes the fixes described in the referenced commits. These fixes restrict access to sensitive directories such as Android/data/, Android/obb/, and Android/sandbox/ by implementing access control in the ExternalStorageProvider and consolidating secure implementations in DownloadProvider. Applying official patches or system updates that contain these changes will mitigate the vulnerability. Additionally, limiting user interaction with untrusted applications and avoiding granting unnecessary permissions can reduce exploitation risk. [1, 2]