CVE-2025-36921
BaseFortify
Publication date: 2025-12-11
Last updated on: 2025-12-12
Assigner: Google Devices
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out of bounds read in the function ProtocolPsUnthrottleApn() within the protocolpsadapter.cpp file. It occurs because of a missing bounds check, which means the program may read memory outside the intended area. Exploiting this flaw could lead to local information disclosure, but it requires compromise of the baseband firmware. No user interaction is needed to exploit this vulnerability.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with baseband firmware access to read sensitive information locally from the device memory that should not be accessible. This could lead to leakage of confidential data stored or processed by the device.
What immediate steps should I take to mitigate this vulnerability?
Apply the latest security patches and firmware updates provided by the device manufacturer as soon as they become available to mitigate this vulnerability. Since this vulnerability requires baseband firmware compromise, updating the baseband firmware to the latest version is critical.