CVE-2025-36887_CVE-2025-36887

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Basic Information

ID CVE-2025-36887

Source Google_Devices

Published Sep 4, 2025 at 05:17

Modified Sep 4, 2025 at 13:13

Affected Product

Vendor Google

Product Android

Version Android kernel

Affected Versions Google Android Android kernel

CWE Classification

CWE-787

References

source.android.com /security/bulletin/pixel/2025-06-01

{
    "lastseen": "",
    "description": "In wl_cfgscan_update_v3_schedscan_results() of  wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
    "published": "2025-09-04T05:17:19.856Z",
    "modified": "2025-09-04T13:13:57.339Z",
    "type": "cve",
    "title": "CVE-2025-36887",
    "source": "Google_Devices",
    "references": "https://source.android.com/security/bulletin/pixel/2025-06-01",
    "id": "CVE-2025-36887",
    "bulletinFamily": "",
    "cwe": [
        "CWE-787"
    ],
    "cvelist": null,
    "sourceData": "Google Android Android kernel",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Android",
    "version": "Android kernel",
    "vendor": "Google",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}