In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
History

Fri, 05 Sep 2025 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269

Fri, 05 Sep 2025 19:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 05 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Thu, 04 Sep 2025 17:30:00 +0000

Type Values Removed Values Added
Description In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2025-09-05T21:04:21.160Z

Reserved: 2025-02-10T18:29:32.999Z

Link: CVE-2025-26435

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2025-09-04T18:15:42.157

Modified: 2025-09-05T21:15:35.530

Link: CVE-2025-26435

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-05T14:02:15Z