CVE-2025-26436

Published Sep 4, 2025

Last updated 7 months ago

CVSS high 7.8

Overview

Description: In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source: security@android.com
NVD status: Analyzed
Products: android

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-863

Hype score: Not currently trending

CVE-2025-26436 In clearAllowBgActivityStarts of https://t.co/zTJVjMeMkO, there is a possible way for an application to launch an activity from the background due to BAL Bypass. Thi… https://t.co/ISXaiHUwFy
@CVEnew
4 Sept 2025
236 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References