CVE-2025-22431

MEDIUM

Google Android - Denial of Service

Title source: rule

Description

In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no additional execution privileges needed. User interaction is not needed for exploitation.

References (2)

[Product] https://android.googlesource.com/platform/frameworks/base/+/79211e094a7363f28a06cea2737aa815339911ad

[Vendor Advisory] https://source.android.com/security/bulletin/2025-04-01

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 1.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-693

Status published

Affected Products (3)

google/android

Timeline

Published Sep 02, 2025

Tracked Since Feb 18, 2026