Android and Pixel Critical Vulnerabilities

Overview

  • CVE: CVE-2025-36890, CVE-2025-36896, CVE-2025-36897, CVE-2025-36904, CVE-2025-48581

  • Severity: Critical

  • Date: 8 September 2025

Google has disclosed multiple critical vulnerabilities affecting Android and Google Pixel devices. These include remote code execution and privilege escalation flaws in WLAN, system firmware, and update mechanisms. Devices running Android without the 2025-09-05 patch level are exposed to remote takeover, update suppression, or privilege abuse, and many of these flaws require no user interaction or additional permissions.

 

Affected Versions

Android OS (general): All devices not yet patched to 2025-09-05

Google Pixel Devices: Firmware older than 2025-09-05 OTA release

Any Android-based devices using WLAN, AOSP firmware, or standard update channels

 

Vulnerability Breakdown

CVE-2025-36890 – WLAN Elevation of Privilege

Component: WLAN

Impact: Local privilege escalation without user interaction

Platform: Android (general)


CVE-2025-36896 – WLAN Elevation of Privilege (Pixel-specific)

Component: WLAN on Pixel

Impact: Privilege escalation via WLAN firmware flaw

Platform: Google Pixel devices


CVE-2025-36897 – Remote Code Execution in cd_CnMsgCodecUserApi.cpp

Component: System

Impact: Remote code execution via out-of-bounds write

Platform: AOSP and Pixel


CVE-2025-36904 – WLAN Privilege Escalation (A-396458384)

Component: WLAN on Pixel

Impact: Local privilege escalation

Platform: Pixel devices


CVE-2025-48581 – Update Blocking via Apexd

Component: apexd.cpp (update framework)

Impact: Malicious apps may block future security updates

Platform: Android devices pre-2025-09-05

 

Mitigation

  1. Apply the 2025-09-05 Android security patch level to all affected devices

  2. Update Google Pixel firmware via OTA to build 2025-09-05 or later

  3. Use MDM/EMM platforms to enforce update compliance across fleet devices

  4. Restrict WLAN access for unpatched devices in enterprise environments

  5. No viable workarounds exist. Patching is mandatory

 

Summary for IT Teams

Products: Android OS, Google Pixel Devices, AOSP-based builds
Threat Level: Critical
Action Required:

  • Ensure all devices meet the 2025-09-05 patch level

  • Validate OTA delivery and monitor for blocked update mechanisms

  • Audit for WLAN privilege escalation attempts or unexpected code execution

  • Segment unpatched devices from production networks
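The patch-level checks in the mitigation and summary lists can be scripted. The following is an added example, not part of the original advisory: it classifies each device's reported security patch level against 2025-09-05. The inventory format, device IDs and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit reported security patch levels against this advisory.
REQUIRED_SPL="2025-09-05"   # patch level required by the advisory

# Convert YYYY-MM-DD to an integer (20250905); fail on anything else.
spl_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s\n' "$1" | tr -d '-' ;;
        *) return 1 ;;
    esac
}

# Print COMPLIANT, OUTDATED or UNKNOWN for one patch-level string.
spl_status() {
    have=$(spl_to_int "$1") || { echo UNKNOWN; return 0; }
    need=$(spl_to_int "$REQUIRED_SPL")
    if [ "$have" -ge "$need" ]; then echo COMPLIANT; else echo OUTDATED; fi
}

# Read "device_id,patch_level" lines on stdin and list devices needing action.
# Returns 1 if any device is OUTDATED or UNKNOWN.
audit_fleet() {
    rc=0
    while IFS=, read -r dev spl; do
        [ -n "$dev" ] || continue
        spl=$(printf '%s' "$spl" | tr -d '\r ')   # strip CR/space from adb or CSV output
        st=$(spl_status "$spl")
        [ "$st" = COMPLIANT ] && continue
        printf '%s %s %s\n' "$st" "$dev" "${spl:-none}"
        rc=1
    done
    return "$rc"
}

# Constructed sample inventory (hypothetical device IDs). Real values come from an
# MDM export or: adb -s <serial> shell getprop ro.build.version.security_patch
sample_inventory() {
cat <<'EOF'
pixel-0001,2025-09-05
pixel-0002,2025-08-05
tablet-0003,2025-09-01
kiosk-0004,
phone-0005,2025-10-01
EOF
}

sample_inventory | audit_fleet || true
```

A device reporting 2025-09-01 is flagged OUTDATED because it is below the 2025-09-05 level this advisory requires. An empty or malformed value is reported as UNKNOWN rather than passed, so devices that stop reporting are not silently treated as patched.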


Reference


Australia is secure when
Australian talent defends it.

Reach out today to discuss how, together with Lumara, we can protect your business from the always changing Australian threat landscape.
