Android Credential Manager Service Information Disclosure Vulnerability
Vulnerability
A vulnerability in the CredentialManagerServiceStub of CredentialManagerService.java allows for the retrieval of candidate credentials. This issue arises from a missing permission check, which could lead to local information disclosure without requiring additional execution privileges or user interaction.
Impact
Exploitation of this vulnerability could result in unauthorized access to sensitive credential information.
Remediation
Users can update their devices to the June 2025 security patch level to address this vulnerability.
Added: Sep 4, 2025, 6:55 PM
Updated: Sep 4, 2025, 6:55 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
2.5exploitability
4.0remediation
0.0relevance
0.5threat
3.2urgency
2.9incentive
0.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.