CVE-2025-36925
BaseFortify
Publication date: 2025-12-11
Last updated on: 2025-12-12
Assigner: Google Devices
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Users should update their devices to the latest security patch level that addresses this vulnerability. Although the exact patch for CVE-2025-36925 is not explicitly mentioned, similar vulnerabilities in Google Pixel devices are mitigated by applying the December 2025 security updates or later. Therefore, applying the latest available firmware and security patches from the official Google Developer site is recommended to mitigate this vulnerability. [1]
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds write in the WAVES_send_data_to_dsp function of libaoc_waves.c. It is caused by a missing bounds check, so the program may write data outside the intended memory area.
How can this vulnerability impact me?
The vulnerability can lead to local escalation of privilege, allowing an attacker with local access to gain higher privileges without needing additional execution privileges or user interaction.