Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local app on device (AV:L), no special conditions (AC:L), requires unprivileged app install so PR:L, no user interaction, full impact via privileged NFC action.
Primary rating from Vendor (google_android).
CVSS VectorVendor: google_android
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
AnalysisAI
Local privilege escalation in Google Android's NFC subsystem allows an unprivileged local app to spoof NFC events because of a missing permission check, granting capabilities normally reserved for privileged components. No user interaction is required, and no public exploit has been identified at time of analysis, though the issue is tracked in the Android Security Bulletin for Android 17. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must have code execution as an unprivileged local app on the target Android device (e.g., a sideloaded or malicious Play-distributed app); no NFC permission, no root, and no user interaction are required, and the NFC subsystem must be present and enabled in the device build. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed and should be interpreted with care. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A user installs a seemingly benign app from a sideload or low-reputation store; the app, holding no NFC-related permissions, invokes the unchecked code path to dispatch or receive spoofed NFC events to a privileged system handler. The handler acts on the forged event - for example, triggering a payment-related intent or a tag-dispatch flow tied to elevated capabilities - giving the app effective access it should not have. … |
| Remediation | Apply the Android security patch level referenced in the Android Security Bulletin at https://source.android.com/docs/security/bulletin/android-17 - Patch available per vendor advisory; an exact fixed build string was not included in the input data, so administrators should match their device's security patch level to the bulletin's listed SPL. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and inventory all Android devices with NFC capability; document current OS versions and device deployment locations. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37568