exploitDog

CVE-2025-26448

Опубликовано: 04 сент. 2025

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Ссылки

https://android.googlesource.com/platform/frameworks/base/+/3c1515f4d1942f2453554315a576ed874703f78b
Patch
Product
https://source.android.com/security/bulletin/2025-06-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*

EPSS

Процентиль: 0%

0.00005

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-457

Связанные уязвимости

GHSA-rc6h-67x7-j653

CVSS3: 5.5

github

5 месяцев назад

In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS

Процентиль: 0%

0.00005

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-457