Use After Free Vulnerability in Google Modules Video Product
CVE-2025-36934

7.4 HIGH

Key Information:

Vendor: Google

Status
Vendor
CVE Published: 11 December 2025

Badges

📈 Score: 222
📰 News Worthy

What is CVE-2025-36934?

CVE-2025-36934 is a use-after-free vulnerability in the Google Modules Video Product, in the memory handling of the component responsible for video processing. A race condition in bigo_worker_thread can lead to memory being accessed after it has already been freed. If exploited, this could enable an attacker to escalate privileges locally on the system without needing additional execution privileges or user interaction. An attacker could potentially manipulate the video modules, compromising the integrity and security of the environment in which these products operate. Organizations using this video product may face an increased risk of unauthorized access to sensitive data and system controls.

Potential impact of CVE-2025-36934

  1. Local Privilege Escalation: The primary impact of CVE-2025-36934 is the potential for local privilege escalation. Attackers could exploit this vulnerability to gain elevated control over the affected systems, leading to unauthorized access to sensitive files, configurations, and system resources.

  2. Compromise of Security Posture: Organizations relying on the Google Modules Video Product may experience a degradation of their security posture. With the ability to escalate privileges, attackers could introduce malicious code or manipulate existing functionalities, thereby putting user data and system integrity at risk.

  3. Increased Attack Surface: As this vulnerability allows for exploitation without user interaction, it broadens the attack surface. Threat actors could launch automated attacks against systems running the affected software, potentially leading to widespread compromises and increased incidence of security breaches within organizations.

Affected Version(s)

Android Android kernel

News Articles

Google Project Zero Reveals Sophisticated Zero-Click Exploit Chain Targeting Pixel 9

Google Project Zero has uncovered a sophisticated zero-click exploit chain targeting Pixel 9 devices.

3 weeks ago

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by Cyber Press

  • Vulnerability published

  • Vulnerability Reserved