Primary

Context

Android Connectivity Service Missing Permission Check Vulnerability Allowing Local Information Disclosure

Vulnerability

A vulnerability exists in the Connectivity Service component of Android due to a missing permission check in the offerNetwork method. This oversight could allow an unauthorized application to intercept network requests by registering a network offer, thereby leaking sensitive information about other applications on the device. The vulnerability affects several Android versions and does not require additional execution privileges or user interaction for exploitation.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data from other applications on the device.

Remediation

Users can update their devices to the June 2025 security patch level to address this vulnerability.

Added: Sep 4, 2025, 6:50 PM

Updated: Sep 4, 2025, 6:50 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.5

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.5

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Connectivity Service Missing Permission Check Vulnerability Allowing Local Information Disclosure

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating