CVE-2025-26450

Published Sep 4, 2025

Last updated 8 months ago

CVSS high 7.8
Mobile device

Overview

Description
In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source
security@android.com
NVD status
Undergoing Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-862

Social media

Hype score
Not currently trending

  1. CVE-2025-26450 In onInputEvent of https://t.co/xOQOAAFb0F, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing p… https://t.co/qIZ6p9ZfNk

    @CVEnew

    4 Sept 2025

    107 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️Actualizaciones de seguridad de Android ❗CVE-2025-26456 ❗CVE-2025-26450 ❗CVE-2025-26441 ➡️Más info: https://t.co/l7yIqavEep https://t.co/5a7iFgcu39

    @CERTpy

    4 Jun 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexistent versus private channels. Mattermost Advisory ID: MMSA-2026-00588CVE-2026-21386
  2. Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information.CVE-2026-20993
  3. Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer VulnerabilityCVE-2026-3910
  4. In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.CVE-2025-48574
  5. In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.CVE-2025-48578

References

Sources include official advisories and independent security research.