ASB-A-411418366 — Vulnetix

ASB-A-411418366 PUBLISHED

In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/Settings	14, 16-next:0, 16-next

Timeline

Sep 1, 2025 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2025-09-01 advisory
https://android.googlesource.com/platform/packages/apps/Settings/+/2aa27461a40b17462e57801d790545a7aeb897be patch

Open in Interactive Console →