CVE-2025-36911 Overview
CVE-2025-36911 is an information disclosure vulnerability affecting Google Android's key-based pairing mechanism. A logic error in the pairing code allows attackers within adjacent network proximity to remotely access sensitive user information, including conversations and location data, without requiring any user interaction or additional execution privileges.
Critical Impact
This vulnerability enables unauthorized disclosure of user conversations and location data through proximity-based attacks against the key-based pairing mechanism without requiring user interaction.
Affected Products
- Google Android (all versions prior to the January 2026 security patch)
Discovery Timeline
- 2026-01-15 - CVE-2025-36911 published to NVD
- 2026-01-21 - Last updated in NVD database
Technical Details for CVE-2025-36911
Vulnerability Analysis
This vulnerability stems from a fundamental logic error in the key-based pairing implementation within Google Android. The flaw allows attackers who are within adjacent network range (such as the same local network segment or Bluetooth range) to exploit the pairing mechanism and gain unauthorized access to sensitive user data.
The vulnerability is particularly concerning because it requires no user interaction to exploit. An attacker positioned within proximity to a vulnerable device can silently extract conversations and location information without the device owner's knowledge or consent. The attack does not require any special privileges or authentication, making it accessible to any attacker who can establish adjacent network connectivity.
The impact primarily affects confidentiality with potential for some integrity compromise. While the vulnerability does not allow arbitrary code execution, the exposure of private conversations and real-time location data represents a significant privacy breach that could enable stalking, corporate espionage, or targeted social engineering attacks.
Root Cause
The root cause is a logic error in the code handling key-based pairing operations. This implementation flaw fails to properly validate or authenticate pairing requests, allowing adjacent network attackers to bypass intended security controls and establish unauthorized connections that expose sensitive user data.
Attack Vector
The attack vector requires the adversary to be on an adjacent network, meaning they must be in proximity to the target device—either on the same network segment, within Bluetooth range, or through similar local communication channels. From this position, the attacker can exploit the flawed key-based pairing logic to intercept or access user conversations and location data. The attack is fully automated once the attacker is in range, requiring no actions from the victim.
Detection Methods for CVE-2025-36911
Indicators of Compromise
- Unexpected or unauthorized pairing events in device logs or Bluetooth activity
- Anomalous network traffic patterns on local network segments indicative of data exfiltration
- Unusual battery drain or background activity that may indicate unauthorized connections
Detection Strategies
- Monitor for unexpected pairing requests or connections in Android system logs
- Implement network monitoring to detect suspicious adjacent network activity targeting mobile devices
- Review device pairing history for unrecognized or unauthorized device connections
Monitoring Recommendations
- Enable verbose logging for Bluetooth and network pairing events on managed Android devices
- Deploy mobile threat detection solutions capable of identifying proximity-based attacks
- Establish baseline device behavior patterns to detect anomalous connection activity
How to Mitigate CVE-2025-36911
Immediate Actions Required
- Apply the January 2026 Android security patch as soon as it becomes available for your device
- Disable unnecessary pairing features when in untrusted environments
- Avoid connecting to unknown networks or enabling Bluetooth in high-risk locations until patched
Patch Information
Google has addressed this vulnerability in the Android Security Bulletin January 2026. Users should update their Android devices to the latest security patch level released on or after January 1, 2026. The patch corrects the logic error in the key-based pairing code to prevent unauthorized information disclosure.
Workarounds
- Disable Bluetooth and proximity-based pairing features when not actively in use
- Avoid using the device in untrusted physical environments where adjacent network attacks are more feasible
- Consider using a VPN and keeping the device in airplane mode with only necessary radios enabled in sensitive situations
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
