CVE-2025-26444
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-08
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 13.0 | |
| android | 14.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Android platform's voice interaction service where forcibly stopping a user-selected third-party assistant app causes the system to incorrectly revert to the default system fallback assistant. This happens due to a logic error in the code that resets the assistant role and settings upon force stop. As a result, the default assistant app is automatically granted the ROLE_ASSISTANT without needing additional privileges or user interaction. [1]
How can this vulnerability impact me? :
The vulnerability can impact users by causing their chosen assistant app to be replaced silently with the system default assistant when the selected assistant is force stopped. This leads to a degraded user experience as user preferences are lost. Additionally, it can lead to a local escalation of privilege where the default assistant app gains assistant role privileges automatically without further execution permissions or user consent. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability relates to the Android platform's voice interaction service resetting the default assistant app when a third-party assistant app is force stopped. Detection involves checking if the default assistant app setting unexpectedly reverts to the system fallback assistant after force stopping a user-selected assistant app. You can verify the current default assistant app by using Android shell commands such as `adb shell cmd role get-role-holder android.app.role.ASSISTANT` before and after force stopping the assistant app with `adb shell am force-stop <assistant_package_name>`. If the role holder changes to the fallback assistant without user action, the vulnerability may be present. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves updating the Android platform to include the fix that prevents resetting the default assistant role upon force stopping the assistant app. This fix removes the logic that clears or resets the assistant role and settings during force stop, preserving user preferences. Until the update is applied, avoid force stopping the assistant app to prevent unintended privilege escalation. Additionally, monitor for updates from the device manufacturer or Android security bulletins that include the patch for CVE-2025-26444. [1]