CVE-2025-26444
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-09-08

Assigner: Android (associated with Google Inc. or Open Handset Alliance)

Description
In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped due to a logic error in the code. This could lead to local escalation of privilege where the default assistant app is automatically granted ROLE_ASSISTANT with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-09-08
Generated
2026-06-16
AI Q&A
2025-09-04
EPSS Evaluated
2026-06-14
NVD
CVE-2025-26444
EUVD
EUVD-2025-27036
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
google android 13.0
google android 14.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Android platform's voice interaction service where forcibly stopping a user-selected third-party assistant app causes the system to incorrectly revert to the default system fallback assistant. This happens due to a logic error in the code that resets the assistant role and settings upon force stop. As a result, the default assistant app is automatically granted the ROLE_ASSISTANT without needing additional privileges or user interaction. [1]

Impact Analysis

The vulnerability can impact users by causing their chosen assistant app to be replaced silently with the system default assistant when the selected assistant is force stopped. This leads to a degraded user experience as user preferences are lost. Additionally, it can lead to a local escalation of privilege where the default assistant app gains assistant role privileges automatically without further execution permissions or user consent. [1]

Detection Guidance

This vulnerability relates to the Android platform's voice interaction service resetting the default assistant app when a third-party assistant app is force stopped. Detection involves checking if the default assistant app setting unexpectedly reverts to the system fallback assistant after force stopping a user-selected assistant app. You can verify the current default assistant app by using Android shell commands such as `adb shell cmd role get-role-holder android.app.role.ASSISTANT` before and after force stopping the assistant app with `adb shell am force-stop <assistant_package_name>`. If the role holder changes to the fallback assistant without user action, the vulnerability may be present. [1]

Mitigation Strategies

Immediate mitigation involves updating the Android platform to include the fix that prevents resetting the default assistant role upon force stopping the assistant app. This fix removes the logic that clears or resets the assistant role and settings during force stop, preserving user preferences. Until the update is applied, avoid force stopping the assistant app to prevent unintended privilege escalation. Additionally, monitor for updates from the device manufacturer or Android security bulletins that include the patch for CVE-2025-26444. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-26444. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart