CVE-2025-26454
7.8HIGHIn validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege wi
게시됨: 9/4/2025업데이트됨: 9/8/2025
설명
In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
AI 분석AI 기반
영향받는 제품
googleandroid
13.0
googleandroid
14.0
googleandroid
15.0
참조
- https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/03cadb65c0b6a91a480041aa9129e9dbf995279bPatchProduct
- https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/d33d045407c5bd0000442667d9ef5c9fc3f590e5PatchProduct
- https://source.android.com/security/bulletin/2025-09-01Vendor Advisory