Security Advisory

CVE-2025-26450

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-04 17:14:59
Last updated 2026-02-26 17:49:30
Assigner google_android
State PUBLISHED

Description

In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.