CVE-2025-20636

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Feb 3, 2025

Updated: Feb 18, 2025

CWE ID 787

Summary

CVE-2025-20636 is a vulnerability affecting the secmem software, where a missing bounds check leads to a possible out-of-bounds write issue. This defect could enable a malicious actor with System privileges to escalate their access without requiring user interaction. The vulnerability, identified as ALPS09403554 and MSV-2431, necessitates patching to prevent potential misuse and privilege escalation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3BDR6x
https://www.cve.org/CVERecord?id=CVE-2025-20636
https://nvd.nist.gov/vuln/detail/CVE-2025-20636

Back to Vulnerability Database