CVE-2025-26443

Published Sep 4, 2025

Last updated 8 months ago

CVSS high 7.3
Mobile device

Overview

Description
In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Source
security@android.com
NVD status
Undergoing Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.3
Impact score
5.9
Exploitability score
1.3
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-693

Social media

Hype score
Not currently trending

  1. CVE-2025-26443 In parseHtml of https://t.co/cjj40nDV0S, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code.… https://t.co/uDrJamqyan

    @CVEnew

    4 Sept 2025

    109 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexistent versus private channels. Mattermost Advisory ID: MMSA-2026-00588CVE-2026-21386
  2. Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information.CVE-2026-20993
  3. Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer VulnerabilityCVE-2026-3910
  4. In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.CVE-2025-48574
  5. In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.CVE-2025-48578

References

Sources include official advisories and independent security research.