CVE-2025-26450
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-08
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 13.0 | |
| android | 14.0 | |
| android | 15.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Android Input Method Editor (IME) framework, specifically in the onInputEvent method of IInputMethodSessionWrapper.java. An untrusted app can inject fabricated key and motion events into the default IME due to a missing permission check. This allows the malicious app to manipulate input events without needing user interaction or additional execution privileges. [1]
How can this vulnerability impact me? :
The vulnerability can lead to a local escalation of privilege by allowing a malicious app to inject fake input events into the IME. This could enable the attacker to manipulate sensitive shortcuts or input behaviors, potentially compromising device security or user data without requiring user interaction. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for fabricated or injected InputEvents targeting the Android Input Method Editor (IME). Since the exploit involves injecting KeyEvents or motion events into the IME's file descriptor, detection could include analyzing input event logs or using Android's testing frameworks such as 'atest' with 'CtsInputMethodTestCases' and 'InputMethodServiceTest' to verify input event authenticity. Specific commands are not provided in the resources, but using Android's testing tools to run these test cases can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves applying the patch that introduces verification for all KeyEvents with modifier keys or marked as sensitive before dispatch to the IME. This patch checks the authenticity of input events and validates timestamps to prevent replay attacks. Ensuring your Android system is updated with this fix, which was committed in October 2024 and merged in April 2025, will protect against this vulnerability. [1]