Multiple vulnerabilities in Google Android

1) Out-of-bounds read

EUVDB-ID: #VU107021

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-20655

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a missing bounds check within keymaster. A local application can gain access to sensitive information.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer over-read

EUVDB-ID: #VU107105

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-21448

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer over-read

EUVDB-ID: #VU107094

Risk: High

CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-45552

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Data Network Stack & Connectivity. A remote attacker can read and manipulate data.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Exposure of Sensitive System Information to an Unauthorized Control Sphere

EUVDB-ID: #VU107093

Risk: Low

CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45549

CWE-ID: CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere

Exploit availability: No

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in KERNEL. A local application can read and manipulate data.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Exposed Dangerous Method or Function

EUVDB-ID: #VU107092

Risk: Low

CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43065

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

Exploit availability: No

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in HLOS. A local application can read and manipulate data.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Insufficient Granularity of Access Control

EUVDB-ID: #VU107091

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-33058

CWE-ID: CWE-1220 - Insufficient Granularity of Access Control

Exploit availability: No

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Core. A local privileged application can execute arbitrary code.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Weak Authentication

EUVDB-ID: #VU107087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45551

CWE-ID: CWE-1390 - Weak Authentication

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation in HLOS. A local application can gain access to sensitive information.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use After Free

EUVDB-ID: #VU107114

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21436

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer over-read

EUVDB-ID: #VU107113

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-21435

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host Communication. A remote attacker can perform a denial of service (DoS) attack.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer over-read

EUVDB-ID: #VU107112

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-21434

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer over-read

EUVDB-ID: #VU107111

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-21430

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer over-read

EUVDB-ID: #VU107110

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-21429

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use After Free

EUVDB-ID: #VU107108

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49848

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Service. A local privileged application can execute arbitrary code.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use After Free

EUVDB-ID: #VU107107

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43066

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in HLOS. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds write

EUVDB-ID: #VU107024

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-20658

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a logic error within DA. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU100612

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50264

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the virtio_transport_destruct() function in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU107124

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46972

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a reference count overflow in pvr_sync_rollback_export_fence. A local application can trigger a use-after-free error and escalate privileges on the system.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds write

EUVDB-ID: #VU102090

Risk: High

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2024-53197

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local user to compromise the affected system.

The vulnerability exists due to an out-of-bounds write error within the snd_usb_create_quirk(), snd_usb_extigy_boot_quirk(), mbox2_setup_48_24_magic() and snd_usb_mbox2_boot_quirk() functions in sound/usb/quirks.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited against Android devices.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

19) Use-after-free

EUVDB-ID: #VU102041

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56556

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the binder_txns_pending_ilocked() and binder_add_freeze_work() functions in drivers/android/binder.c. A local user can escalate privileges on the system.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU101910

Risk: High

CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2024-53150

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the DESC_LENGTH_CHECK(), validate_clock_source() and validate_clock_selector() functions in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

21) Buffer overflow

EUVDB-ID: #VU107131

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-0050

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper privilege management

EUVDB-ID: #VU107122

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43702

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to MLIST/PM render state buffers writable. A local application can write data to arbitrary kernel memory pages.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU107123

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43703

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to duplicate calls to RGXCreateFreeList. A local application can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds write

EUVDB-ID: #VU107125

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47897

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in VRSRVRGXGetEnabledHWPerfBlocksKM. A local application can trigger an out-of-bounds write and execute arbitrary code on the system.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds write

EUVDB-ID: #VU107023

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-20657

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within vdec. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds write

EUVDB-ID: #VU107126

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52936

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in rgxfw_hwperf_config. Kernel software installed on Guest VM can post improper commands to the GPU Firmware to write data outside the Guest’s virtualised GPU memory.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds write

EUVDB-ID: #VU107127

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52937

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the rgxfw_kernel_CMD_DISABLE_ZSSTORE() function. Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest’s virtualised GPU memory.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds write

EUVDB-ID: #VU107128

Risk: Low

CVSSv4.0: 2.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52938

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the rgxfw_pm_add_freelist_for_reconstruction() function. Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger a write of data outside the Guest’s virtualised GPU memory.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Out-of-bounds read

EUVDB-ID: #VU107129

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47894

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A local application can trigger an out-of-bounds read error and read contents of memory on the system.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds read

EUVDB-ID: #VU107130

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47895

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A local application can trigger an out-of-bounds read error and read contents of memory on the system.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Out-of-bounds write

EUVDB-ID: #VU107022

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-20656

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within DA. A local application can execute arbitrary code.

Install update from vendor's website.

Google Android: 12 - 15 2025-03-05

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper input validation

EUVDB-ID: #VU107082

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22432

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper input validation

EUVDB-ID: #VU107080

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22427

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper input validation

EUVDB-ID: #VU107084

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22435

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper input validation

EUVDB-ID: #VU107078

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22418

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper input validation

EUVDB-ID: #VU107077

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49730

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper input validation

EUVDB-ID: #VU107076

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49720

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper input validation

EUVDB-ID: #VU107075

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40653

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper input validation

EUVDB-ID: #VU107081

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22428

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper input validation

EUVDB-ID: #VU107079

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22419

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper input validation

EUVDB-ID: #VU107083

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22433

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper input validation

EUVDB-ID: #VU107085

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22439

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper input validation

EUVDB-ID: #VU107072

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22431

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Information exposure

EUVDB-ID: #VU107070

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22421

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Information exposure

EUVDB-ID: #VU107069

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49722

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.

Install security update from vendor's website.

Google Android: before

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper input validation

EUVDB-ID: #VU107068

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22442

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper input validation

EUVDB-ID: #VU107066

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22437

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper input validation

EUVDB-ID: #VU107065

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22434

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper input validation

EUVDB-ID: #VU107063

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22424

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper input validation

EUVDB-ID: #VU107064

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22426

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper input validation

EUVDB-ID: #VU107061

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22417

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper input validation

EUVDB-ID: #VU107060

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22416

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Information exposure

EUVDB-ID: #VU107059

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22429

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper input validation

EUVDB-ID: #VU107067

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22438

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Improper input validation

EUVDB-ID: #VU107062

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22422

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Improper input validation

EUVDB-ID: #VU107074

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22423

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Information exposure

EUVDB-ID: #VU107071

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22430

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.

Install security update from vendor's website.

Google Android: before

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper input validation

EUVDB-ID: #VU107073

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-26416

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install security update from vendor's website.

Google Android: before 14 2025-04-01, 15 2025-04-01

• cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

https://source.android.com/docs/security/bulletin/2025-04-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.