CVE-2025-26443

HIGH

Android - Local Privilege Escalation via HtmlToSpannedParser Logic Error

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-26443. PoCs published by Pazhanivelmani.

AI-analyzed exploit summary: This repository contains a proof-of-concept exploit for CVE-2025-26443, targeting Android's ManagedProvisioning component. The exploit leverages a vulnerability in the TrampolineActivity class to manipulate intent handling, potentially leading to privilege escalation or unauthorized activity starts.

Description

In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Exploits (1)

nomisec WORKING POC
by Pazhanivelmani · poc
https://github.com/Pazhanivelmani/ManagedProvisioning-A10_r33_CVE-2025-26443

Classification: Working PoC 80%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Android ManagedProvisioning (A10_r33)
No auth needed
Prerequisites: Access to the target Android device · Ability to send malicious intents
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 7.3
EPSS: 0.0013
EPSS Percentile: 3.0%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-693
Status: published
Products (3): google/android 13.0, google/android 14.0, google/android 15.0
Published: Sep 04, 2025
Tracked Since: Feb 18, 2026