SB2025050560 - Multiple vulnerabilities in Google Android
Published: May 5, 2025 Updated: August 29, 2025
Description
This security bulletin contains information about 24 security vulnerabilities.
1) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2025-26442)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
2) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2023-35657)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
3) Improper input validation (CVE-ID: CVE-2025-26438)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
4) Improper input validation (CVE-ID: CVE-2025-26435)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
5) Improper input validation (CVE-ID: CVE-2025-26430)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
6) Improper input validation (CVE-ID: CVE-2025-26425)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
7) Improper input validation (CVE-ID: CVE-2025-26423)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
8) Improper input validation (CVE-ID: CVE-2025-26421)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
9) Improper input validation (CVE-ID: CVE-2025-26420)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
10) Improper input validation (CVE-ID: CVE-2025-26429)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
11) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2025-26424)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
12) Improper input validation (CVE-ID: CVE-2024-34739)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
13) Improper input validation (CVE-ID: CVE-2025-26444)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
14) Improper input validation (CVE-ID: CVE-2025-26440)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
15) Improper input validation (CVE-ID: CVE-2025-26436)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
16) Improper input validation (CVE-ID: CVE-2025-26428)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
17) Improper input validation (CVE-ID: CVE-2025-26427)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
18) Improper input validation (CVE-ID: CVE-2025-26426)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
19) Improper input validation (CVE-ID: CVE-2025-26422)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
20) Improper input validation (CVE-ID: CVE-2025-22425)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
21) Improper input validation (CVE-ID: CVE-2025-0087)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
22) Improper input validation (CVE-ID: CVE-2025-0077)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
23) Out-of-bounds write (CVE-ID: CVE-2025-27363)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can pass a specially crafted font to the application that is using an affected version of the library, trigger an out-of-bounds write and execute arbitrary code on the target system.
24) Improper input validation (CVE-ID: CVE-2023-21342)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
Remediation
Install the update from the vendor's website.
References
- https://source.android.com/docs/security/bulletin/2025-05-01
- https://android.googlesource.com/platform/frameworks/base/+/50e1f8f36e32928d10e72324c05a203a6db9f7fb
- https://source.android.com/docs/security/bulletin/2025-05-01#2025-05-01-security-patch-level-vulnerability-details
- https://android.googlesource.com/platform/frameworks/base/+/4c269d7b0ec71951f773844b2a325e556f982a9c