CVE-2025-26445
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-08
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 13.0 | |
| android | 14.0 | |
| android | 15.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Android Connectivity module's offerNetwork method, which lacked a proper permission check. Because of this, unauthorized applications could register a network offer by guessing an existing provider ID, allowing them to intercept all NetworkRequests. This interception could lead to leaking sensitive information about other applications on the system. The vulnerability does not require additional execution privileges or user interaction to be exploited. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability could allow unauthorized apps on your device to intercept network requests and access sensitive information about other applications. This local information disclosure could compromise your privacy and security by exposing data that should remain protected within the system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unauthorized use of the hidden API method offerNetwork by apps lacking proper permissions. Detection would involve monitoring for unauthorized calls to offerNetwork or attempts to register network providers without the required permissions (NETWORK_FACTORY, MAINLINE_NETWORK_STACK, or MANAGE_TEST_NETWORKS). Since offerNetwork is a hidden API accessible only via NetworkProvider, you can audit app permissions and usage of network provider registration. Specific commands are not provided in the resources, but monitoring logs for calls to registerNetworkProvider or offerNetwork and checking app permissions related to network stack access would be advisable. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves ensuring that only apps with the appropriate permissions (NETWORK_FACTORY, MAINLINE_NETWORK_STACK, or MANAGE_TEST_NETWORKS) can call offerNetwork or register network providers. Applying the patch that enforces these permission checks in ConnectivityService.java is critical. Additionally, auditing installed apps for unauthorized network provider registrations and restricting access to hidden APIs can help prevent exploitation. [1]