{"id":"ASB-A-370477460","details":"In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-370477460","CVE-2025-26437"],"modified":"2026-03-11T06:30:30.226011Z","published":"2025-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-06-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/c623bbe683082b602ecff0f33fbb439ffc1d2da3"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"16-next:0"},{"fixed":"16-next:2025-06-01"}]}],"versions":["16-next"],"ecosystem_specific":{"severity":"High","fixes":["https://googleplex-android.googlesource.com/platform/frameworks/base/+/3f41ea90fa99f63759dc7bebf3a14256a4a3145c","https://googleplex-android.googlesource.com/platform/frameworks/base/+/571a97ade14d3e008172a1c084bf7331f6fc8875","https://googleplex-android.googlesource.com/platform/frameworks/base/+/b3d70aab1515d583aeebbcb6440f6c790502bc8f"],"vanir_signatures":[{"signature_type":"Line","target":{"file":"services/credentials/java/com/android/server/credentials/CredentialManagerService.java"},"source":"https://googleplex-android.googlesource.com/platform/frameworks/base/+/571a97ade14d3e008172a1c084bf7331f6fc8875","signature_version":"v1","id":"ASB-A-370477460-7728e348","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["138577848234341603437095609589561053688","55991586641641286659296986824021752837","68858622012237976314078123664975942140","18481188494246600912364260583610353341","236757797298643586277567079489527692433","260400859541391930397799917262971480305","89796163820097067758905871865778352977","152470181634356134627737138537383340738","339794184165844137590346342789191757060","70771956055940442514103611574301114154","274392003005117655454855067371589433834","207043211942330825131371115835424927412","142280056840589166469166032296599249750","85859684829694125647308804128709788831","286874114293666114362091820468029395819","268613525113223715935043355059855888777"]}},{"signature_type":"Line","target":{"file":"services/credentials/java/com/android/server/credentials/CredentialManagerService.java"},"source":"https://googleplex-android.googlesource.com/platform/frameworks/base/+/b3d70aab1515d583aeebbcb6440f6c790502bc8f","signature_version":"v1","id":"ASB-A-370477460-917a26fe","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["294556720075634146300425597340122841828","90793012494006606017258158541640781365","97749042758621175815391654306987194832","101960069846889984910234314243966121830","320810386766007999778854466970094456268","333625407339821920590291403358576209553","75647674855785864753358257927490063485","17805037355155651898019607365927712338","158402834976305611152794025531879690734","336497536153595433765840726211008102575","165321994036957312199336791105738289515","294760754193077874303212972921049950708","267794578826483153022066567197407972603","311542086325215696765338073257917747731","325035756328539981777024368496728811270","278335170656956473724740197892661750046","122172033690423233593368373914572717772","189787889139512175614560825707538111501","132321631012410350267449429669554266755","295735070461910487940551481179063697500","206211708640655668920721024898383145301","290511400841065439310849293791419456168","144314226689992780204890886075485089777","158397633145467768248259303451638145780","240563913664550238722470443331662439133","309995766658977711564242172513886115116","48410371029172638552172612027336219906","209887081086163599045060986967779441814","23572457626973554471107450708832384939","132790166677659262632644919723658733797","320699273051755864104454535962759683845","157073551821047431470484239279069548756","120390902282659605038760987506940073851"]}},{"signature_type":"Function","target":{"function":"getCandidateCredentials","file":"services/credentials/java/com/android/server/credentials/CredentialManagerService.java"},"source":"https://googleplex-android.googlesource.com/platform/frameworks/base/+/571a97ade14d3e008172a1c084bf7331f6fc8875","signature_version":"v1","id":"ASB-A-370477460-a5393f29","deprecated":false,"digest":{"length":1064,"function_hash":"85506144085095692283384990131351925646"}},{"signature_type":"Function","target":{"function":"getCandidateCredentials","file":"services/credentials/java/com/android/server/credentials/CredentialManagerService.java"},"source":"https://googleplex-android.googlesource.com/platform/frameworks/base/+/b3d70aab1515d583aeebbcb6440f6c790502bc8f","signature_version":"v1","id":"ASB-A-370477460-c54a4b8e","deprecated":false,"digest":{"length":1862,"function_hash":"54443720056020423120503886143177111405"}}],"types":["ID"],"spl":"2025-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-370477460.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2025-06-01"}]}],"versions":["15"],"ecosystem_specific":{"severity":"High","fixes":["https://googleplex-android.googlesource.com/platform/frameworks/base/+/e61320b6fcca1b6f0fe60078cc27fcc844a63f12"],"vanir_signatures":[{"signature_type":"Function","target":{"function":"getCandidateCredentials","file":"services/credentials/java/com/android/server/credentials/CredentialManagerService.java"},"source":"https://googleplex-android.googlesource.com/platform/frameworks/base/+/e61320b6fcca1b6f0fe60078cc27fcc844a63f12","signature_version":"v1","id":"ASB-A-370477460-083aea63","deprecated":false,"digest":{"length":1064,"function_hash":"85506144085095692283384990131351925646"}},{"signature_type":"Line","target":{"file":"services/credentials/java/com/android/server/credentials/CredentialManagerService.java"},"source":"https://googleplex-android.googlesource.com/platform/frameworks/base/+/e61320b6fcca1b6f0fe60078cc27fcc844a63f12","signature_version":"v1","id":"ASB-A-370477460-be52466b","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["138577848234341603437095609589561053688","55991586641641286659296986824021752837","68858622012237976314078123664975942140","18481188494246600912364260583610353341","339794184165844137590346342789191757060","70771956055940442514103611574301114154","274392003005117655454855067371589433834","207043211942330825131371115835424927412","142280056840589166469166032296599249750","85859684829694125647308804128709788831","286874114293666114362091820468029395819","268613525113223715935043355059855888777"]}}],"types":["ID"],"spl":"2025-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-370477460.json"}}],"schema_version":"1.7.5"}