CVE-2025-26443
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-08
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 13.0 | |
| android | 14.0 | |
| android | 15.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Android ManagedProvisioning app, specifically in the parseHtml function of HtmlToSpannedParser.java. Due to a logic error, the app allowed installation of other apps via embedded links with invalid URL schemes (other than HTTP and HTTPS) in the TermsActivity. This flaw could enable an attacker to install apps without requiring the user to allow installations from unknown sources, leading to local escalation of privilege. Exploitation requires user interaction. [1]
How can this vulnerability impact me? :
This vulnerability can lead to local escalation of privilege on an affected Android device. An attacker could exploit it to install apps without the usual security prompts or permissions, potentially installing malicious software without explicit user consent. This could compromise device security and user data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the ManagedProvisioning app on Android devices is vulnerable by verifying whether it allows installation of apps via embedded links with invalid URL schemes in TermsActivity. Since the issue is in the HtmlToSpannedParser.java parsing logic allowing non-HTTP/HTTPS URLs, you can inspect device logs or app behavior for attempts to install apps triggered by such URLs. There are no specific commands provided to detect this vulnerability on a network or system. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves ensuring that the Android ManagedProvisioning app is updated to include the fix that restricts allowed URLs in TermsActivity to only HTTP and HTTPS schemes. Applying the patch committed on February 5, 2025, or updating to a version of Android that includes this fix will prevent exploitation. Additionally, avoid interacting with provisioning links from untrusted sources and monitor device provisioning processes for suspicious activity. [1]