CVE-2025-26419: 
NixOS vulnerability analysis and mitigation

CVE-2025-26419 is a vulnerability discovered in Android's SystemSettingsFragment.java component, specifically in the initPhoneSwitch function. The vulnerability was disclosed on September 04, 2025, and affects Android versions 13 and 14. This security issue has been assigned a CVSS v3 Base Score of 3.3 (Low severity) (AttackerKB).

The vulnerability exists due to a logic error in the initPhoneSwitch function within SystemSettingsFragment.java, which could potentially lead to a Factory Reset Protection (FRP) bypass. The vulnerability has been assessed with a CVSS v3.1 vector of AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N, indicating local attack vector, low attack complexity, no privileges required, and user interaction required (AttackerKB).

If exploited, this vulnerability could lead to a local escalation of privilege. The impact is primarily focused on confidentiality with a low impact score, while integrity and availability are not affected. The successful exploitation could allow an attacker to bypass Factory Reset Protection (AttackerKB).

The vulnerability affects Android 13 and 14. Users should refer to the Android Security Bulletin for patch information and apply any available security updates (Android Security Bulletin).