In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Metrics
Affected Vendors & Products
References
History
Fri, 05 Sep 2025 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-269 |
Fri, 05 Sep 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:* | |
Metrics |
cvssV3_1
|
Fri, 05 Sep 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Google
Google android |
|
Vendors & Products |
Google
Google android |
Thu, 04 Sep 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |
References |
|

Status: PUBLISHED
Assigner: google_android
Published:
Updated: 2025-09-05T21:04:21.160Z
Reserved: 2025-02-10T18:29:32.999Z
Link: CVE-2025-26435

No data.

Status : Modified
Published: 2025-09-04T18:15:42.157
Modified: 2025-09-05T21:15:35.530
Link: CVE-2025-26435

No data.

Updated: 2025-09-05T14:02:15Z