{"id":84697,"date":"2025-10-27T08:35:52","date_gmt":"2025-10-27T08:35:52","guid":{"rendered":""},"modified":"2025-10-29T10:23:33","modified_gmt":"2025-10-29T16:23:33","slug":"cve-2025-26435-vulnerability-in-contentprotectiontogglepreferencecontroller-java-allowing-secondary-users-to-disable-primary-user-s-app-scanning","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-26435-vulnerability-in-contentprotectiontogglepreferencecontroller-java-allowing-secondary-users-to-disable-primary-user-s-app-scanning\/","title":{"rendered":"CVE-2025-26435: Vulnerability in ContentProtectionTogglePreferenceController.java allowing secondary users to disable primary user’s app scanning<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

A vulnerability has been identified in the updateState function of ContentProtectionTogglePreferenceController.java that can potentially enable a secondary user to disable the primary user’s deceptive app scanning settings. This vulnerability is a serious concern, as it could lead to local escalation of privilege, compromising system security and potentially leading to data leakage. It is particularly worrisome as it requires no additional execution privileges or user interaction for exploitation.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-26435
\nSeverity: High (CVSS: 7.8)
\nAttack Vector: Local
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Local escalation of privilege potentially leading to system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n