CVE-2025-36911 | THREATINT

Description

In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation.

PUBLISHED Reserved 2025-04-16 | Published 2026-01-15 | Updated 2026-01-28 | Assigner Google_Devices

Problem types

Information disclosure

Product status

Default status

unaffected

Android kernel

affected

References

whisperpair.eu/ third-party-advisory

source.android.com/...ecurity/bulletin/pixel/2026/2026-01-01 vendor-advisory

cve.org (CVE-2025-36911)

nvd.nist.gov (CVE-2025-36911)

Download JSON