CVE-2025-26441
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-09-08

Assigner: Android (associated with Google Inc. or Open Handset Alliance)

Description
In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-09-08
Generated
2026-06-16
AI Q&A
2025-09-04
EPSS Evaluated
2026-06-14
NVD
CVE-2025-26441
EUVD
EUVD-2025-33992
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
google android 13.0
google android 14.0
google android 15.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-26441 is an out-of-bounds (OOB) read vulnerability in the Android Bluetooth module, specifically in the add_attr function of the sdp_discovery.cc file. The issue occurs when the function attempts to read beyond the valid memory boundary because it lacks a proper bounds check. This happens when a pointer is exactly one byte short of its end pointer, causing the function to read the type of the next attribute outside the allowed memory range. This flaw can lead to unintended information disclosure. [1]

Impact Analysis

This vulnerability can lead to remote information disclosure without requiring any additional execution privileges or user interaction. An attacker could exploit this flaw remotely via Bluetooth to read sensitive memory contents, potentially exposing private data from the affected device. [1]

Detection Guidance

Detection of CVE-2025-26441 involves verifying if the affected Android Bluetooth module with the vulnerable add_attr function is present and unpatched. Since the vulnerability is an out-of-bounds read in the SDP discovery code, direct detection via network commands is not specified. However, you can check the Bluetooth daemon version or build to see if the patch commit 5e3953251ab50bcdb6058f5e5afc82d6271c6e1e is applied. On Linux systems running the Fluoride Bluetooth stack, you can check the btadapterd version or rebuild from source with the fixed code. No specific detection commands are provided in the resources. [1]

Mitigation Strategies

Immediate mitigation steps include updating the Android Bluetooth module or the Fluoride Bluetooth stack to include the patch that adds the missing boundary check in the add_attr function. This involves applying the commit 5e3953251ab50bcdb6058f5e5afc82d6271c6e1e to the source code and rebuilding the Bluetooth stack. For Linux environments, follow the build instructions using the provided build.py script with the --run-bootstrap option to ensure dependencies and patches are correctly applied. Running the updated Bluetooth daemon (btadapterd) will mitigate the vulnerability. No user interaction is needed for exploitation, so patching promptly is critical. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-26441. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart