Input validation error in Google Android - CVE-2020-25057

 

Input validation error in Google Android - CVE-2020-25057

Published: August 31, 2020 / Updated: September 8, 2020


Vulnerability identifier: #VU46344
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-25057
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered on LG mobile devices with Android OS 10 software. MDMService does not properly restrict APK installations. The LG ID is LVE-SMP-200011 (July 2020).


How to mitigate CVE-2020-25057

Install update from vendor's website.

Sources