Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local because a malicious app must be installed (AV:L); low app privileges suffice (PR:L); no user interaction; impact limited to unauthorized call initiation, not full device compromise.
Primary rating from Vendor (google_android).
CVSS VectorVendor: google_android
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
AnalysisAI
Local privilege escalation in Google Android's Telecomm component allows applications to initiate unauthorized phone calls by bypassing permission checks, with no user interaction required. The flaw is reported through the Android Security Bulletin for Android 17 and carries a CVSS 4.0 score of 10.0, though no public exploit identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires a malicious application already installed and running on the target Android device - the description characterizes this as 'local escalation of privilege,' so a network-only attacker cannot trigger it without first landing code on the device. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are conflicting and warrant skepticism of the headline 10.0 score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A malicious app published to a third-party store, or sideloaded via social engineering, declares no telephony permissions (avoiding install-time scrutiny) and at runtime calls into the Telecomm API surface to place outbound calls to premium-rate or attacker-controlled numbers without prompting the user. With UI:N this can occur silently in the background, enabling toll fraud, exfiltration via DTMF, or use as a stepping stone to escalate within the telephony stack. |
| Remediation | Apply patch available per vendor advisory by installing the Android security patch level corresponding to the Android 17 bulletin at https://source.android.com/docs/security/bulletin/android-17 - on Pixel devices this arrives via OTA, and on OEM devices it will follow each vendor's rollout schedule. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Conduct comprehensive audit of Android 17 device inventory using MDM tools and assess organizational exposure. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37572