ASB-A-368319929
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/ASB-A-368319929.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ASB-A-368319929
- Aliases
-
- A-368319929
- CVE-2025-26443
- Published
- 2025-06-01T00:00:00Z
- Modified
- 2025-08-07T04:57:15.280244Z
- Summary
- [none]
- Details
-
In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android
platform/packages/apps/ManagedProvisioning
Package
- Name
- platform/packages/apps/ManagedProvisioning
Ecosystem specific
{
"types": [
"EoP"
],
"spl": "2025-06-01",
"severity": "High",
"vanir_signatures": [
{
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java"
},
"digest": {
"line_hashes": [
"238110224483519208715874075044440318371",
"208829958817704955059987860954581187486",
"253917135026050978917009288666732918307",
"325713891578664070558632078703955481539",
"321248701237613253963258772152475489452",
"204194112767795491220064057337161086957",
"4583501986742992134235176134695425300",
"135985893448324174782556650846740488832",
"104719656400448530773207274353833270126",
"274217612757608636518308689046642569688",
"67166614523613521218711957331509930352"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/0eb898e8737fe208d48812cfa45bad243deea55e",
"id": "ASB-A-368319929-20a435dc"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "parseHtml",
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java"
},
"digest": {
"function_hash": "124269671373407116152009062505619559059",
"length": 590.0
},
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/0eb898e8737fe208d48812cfa45bad243deea55e",
"id": "ASB-A-368319929-8db1d532"
}
],
"fixes": [
"https://googleplex-android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/0eb898e8737fe208d48812cfa45bad243deea55e"
]
}platform/packages/apps/ManagedProvisioning
Package
- Name
- platform/packages/apps/ManagedProvisioning
Ecosystem specific
{
"types": [
"EoP"
],
"spl": "2025-06-01",
"severity": "High",
"vanir_signatures": [
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "parseHtml",
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java"
},
"digest": {
"function_hash": "124269671373407116152009062505619559059",
"length": 590.0
},
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/f6ffc1df5407791f3f23b535eb97663694bdf380",
"id": "ASB-A-368319929-1d553ccd"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java"
},
"digest": {
"line_hashes": [
"238110224483519208715874075044440318371",
"208829958817704955059987860954581187486",
"253917135026050978917009288666732918307",
"325713891578664070558632078703955481539",
"321248701237613253963258772152475489452",
"204194112767795491220064057337161086957",
"4583501986742992134235176134695425300",
"135985893448324174782556650846740488832",
"104719656400448530773207274353833270126",
"274217612757608636518308689046642569688",
"67166614523613521218711957331509930352"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/f6ffc1df5407791f3f23b535eb97663694bdf380",
"id": "ASB-A-368319929-7d7d9a3e"
}
],
"fixes": [
"https://googleplex-android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/f6ffc1df5407791f3f23b535eb97663694bdf380"
]
}platform/packages/apps/ManagedProvisioning
Package
- Name
- platform/packages/apps/ManagedProvisioning
Ecosystem specific
{
"types": [
"EoP"
],
"spl": "2025-06-01",
"severity": "High",
"vanir_signatures": [
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "parseHtml",
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java"
},
"digest": {
"function_hash": "124269671373407116152009062505619559059",
"length": 590.0
},
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/38ea726daf6a6d33889ac1225372c8a4786fbfb6",
"id": "ASB-A-368319929-20920a58"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java"
},
"digest": {
"line_hashes": [
"238110224483519208715874075044440318371",
"208829958817704955059987860954581187486",
"253917135026050978917009288666732918307",
"325713891578664070558632078703955481539",
"321248701237613253963258772152475489452",
"204194112767795491220064057337161086957",
"4583501986742992134235176134695425300",
"135985893448324174782556650846740488832",
"104719656400448530773207274353833270126",
"274217612757608636518308689046642569688",
"67166614523613521218711957331509930352"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/38ea726daf6a6d33889ac1225372c8a4786fbfb6",
"id": "ASB-A-368319929-70a1152f"
}
],
"fixes": [
"https://googleplex-android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/38ea726daf6a6d33889ac1225372c8a4786fbfb6"
]
}platform/packages/apps/ManagedProvisioning
Package
- Name
- platform/packages/apps/ManagedProvisioning
Ecosystem specific
{
"types": [
"EoP"
],
"spl": "2025-06-01",
"severity": "High",
"vanir_signatures": [
{
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java"
},
"digest": {
"line_hashes": [
"238110224483519208715874075044440318371",
"208829958817704955059987860954581187486",
"253917135026050978917009288666732918307",
"325713891578664070558632078703955481539",
"321248701237613253963258772152475489452",
"204194112767795491220064057337161086957",
"4583501986742992134235176134695425300",
"135985893448324174782556650846740488832",
"104719656400448530773207274353833270126",
"274217612757608636518308689046642569688",
"67166614523613521218711957331509930352"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/fb3ac24b0cf78beb735c47316b73133a255c957d",
"id": "ASB-A-368319929-1482346e"
},
{
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "parseHtml",
"file": "src/com/android/managedprovisioning/common/HtmlToSpannedParser.java"
},
"digest": {
"function_hash": "124269671373407116152009062505619559059",
"length": 590.0
},
"signature_type": "Function",
"source": "https://googleplex-android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/fb3ac24b0cf78beb735c47316b73133a255c957d",
"id": "ASB-A-368319929-b5de9806"
}
],
"fixes": [
"https://googleplex-android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/fb3ac24b0cf78beb735c47316b73133a255c957d"
]
}