Details of VAR-202505-2437

ID

VAR-202505-2437

CVE

CVE-2025-27700

TITLE

Google Pixel Privilege Escalation Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-11246

DESCRIPTION

There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google Pixel is a smartphone produced by Google in the United States

Trust: 1.44

sources: NVD: CVE-2025-27700 // CNVD: CNVD-2025-11246

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-11246

AFFECTED PRODUCTS

vendor:

google

model:

pixel

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-11246

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-27700
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-11246
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-11246
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-27700
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-11246 // NVD: CVE-2025-27700

PROBLEMTYPE DATA

problemtype:

CWE-693

Trust: 1.0

sources: NVD: CVE-2025-27700

PATCH

title:

Patch for Google Pixel Privilege Escalation Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/693851

Trust: 0.6

sources: CNVD: CNVD-2025-11246

EXTERNAL IDS

db:	NVD	id:	CVE-2025-27700	Trust: 1.6
db:	CNVD	id:	CNVD-2025-11246	Trust: 0.6

sources: CNVD: CNVD-2025-11246 // NVD: CVE-2025-27700

REFERENCES

url:

https://source.android.com/security/bulletin/pixel/2025-05-01

Trust: 1.6

sources: CNVD: CNVD-2025-11246 // NVD: CVE-2025-27700

SOURCES

db:	CNVD	id:	CNVD-2025-11246
db:	NVD	id:	CVE-2025-27700

LAST UPDATE DATE

2025-06-05T23:12:47.615000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-11246	date:	2025-06-03T00:00:00
db:	NVD	id:	CVE-2025-27700	date:	2025-05-28T15:01:30.720

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-11246	date:	2025-06-03T00:00:00
db:	NVD	id:	CVE-2025-27700	date:	2025-05-27T16:15:31.273