Local Escalation of Privilege in Accessibility Settings of Android Device
CVE-2025-26439

Currently unrated

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-26439?

A logic error in the AccessibilitySettingsUtils.java component of Android devices allows a malicious Talkback service to be enabled instead of the intended system component. This vulnerability permits local escalation of privilege, enabling attackers to gain elevated access with no need for additional execution privileges or user interaction. It poses a significant risk, as it allows unauthorized modifications to system settings, potentially compromising the security of the affected device.

Affected Version(s)

Android 14

References

https://source.android.com/security/bulletin/wear/2025-05-01

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Feb 10, 2025

Google

What is CVE-2025-26439?

Affected Version(s)

References

Timeline