CVE-2025-26450

Name of the Vulnerable Software and Affected Versions Android (affected versions not specified)

Description A flaw exists in IInputMethodSessionWrapper.java within the Android operating system. An untrusted application may inject key and motion events into the default Input Method Editor (IME) due to a missing permission check within the onInputEvent function. Successful exploitation could lead to local escalation of privilege without requiring additional execution privileges or user interaction.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.