CVE-2025-26456

In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
google_androidCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
References
https://android.googlesource.com/platform/art/+/06a99377e368b688dbeb4e6bb11b6e1dfca8bb70
https://android.googlesource.com/platform/art/+/1aedae6e1049aa794b3554183bf07634c8fa291b
https://android.googlesource.com/platform/art/+/3c76194d116bad95e11bda345feaedda6c02c8b4
https://source.android.com/security/bulletin/2025-06-01