CVE-2025-32350: 
NixOS vulnerability analysis and mitigation

CVE-2025-32350 is a local privilege escalation vulnerability discovered in the Android Framework, affecting Android versions 14, 15, and 16. The vulnerability was disclosed on September 4, 2025, and was addressed in Google's September 2025 Android security update (ASEC Advisory, CIS Advisory).

The vulnerability exists in the Android Framework component and is classified as a local privilege escalation issue. It has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high impact on confidentiality, integrity, and availability (NVD).

Successful exploitation of this vulnerability could allow an attacker to elevate privileges within the Android system. The high CVSS score indicates that the vulnerability could potentially lead to complete compromise of system confidentiality, integrity, and availability, affecting both enterprise and personal Android devices (CIS Advisory).

Google has released patches for this vulnerability as part of the September 2025 Android security update. Users and organizations are strongly advised to update their Android devices to the latest available security patch level. The update is available for Android versions 14, 15, and 16 (CIS Advisory).