VDB
ASB-A-193031925
ASB-A-193031925
PUBLISHED
CVSS 6.900000095367432 MEDIUM
In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS 4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| platform | packages/modules/Connectivity | 14, 14:0, 14 |
| platform | frameworks/libs/net | 14, 14:0, 14 |
Timeline
- Jan 1, 2025 CVE Published
- May 15, 2026 CVE Updated
References
- https://source.android.com/security/bulletin/2025-01-01 advisory
- https://android.googlesource.com/platform/frameworks/libs/net/+/e72c61380c52a4450970556e5936c5ec03fd66fb patch
- https://android.googlesource.com/platform/frameworks/libs/net/+/b20d67cbfc24a54dfe1dc9854bac61fdf52f7913 patch
- https://android.googlesource.com/platform/packages/modules/Connectivity/+/1a0dd8ccde71c2252132d60e5b897fa2f569cc76 patch
- https://android.googlesource.com/platform/packages/modules/Connectivity/+/4e80ab9ca5b9e7db8185cdde240ab0f01a2c0611 patch
- https://android.googlesource.com/platform/packages/modules/Connectivity/+/de7b97573ac92be4cff6ca71a1837b2fe0dcbbab patch
- https://android.googlesource.com/platform/packages/modules/Connectivity/+/c16addaec604d724cf5296f89e606d558128d0cc patch
- https://android.googlesource.com/platform/packages/modules/Connectivity/+/d5d5e5749316d31a63b9b8b132e273d29364401b patch
- https://android.googlesource.com/platform/packages/modules/Connectivity/+/9eb0da27c4ecff37f7b6d2328b8dee6ba766ad1a patch