CVE-2025-36904

WLAN · WLAN component in Android on Google Pixel devices

A critical vulnerability, CVE-2025-36904, has been discovered in the WLAN component of Google Pixel devices running Android.

Executive summary

CVE-2025-36904 is an elevation-of-privilege flaw in the WLAN (Wi-Fi) component of Google Pixel devices running Android. An attacker who triggers it gains elevated privileges on the targeted device, which can lead to complete compromise of the device, theft of the data on it, and unauthorized access to any corporate resources the device can reach. Given the critical severity (CVSS 9.8), the fix should be applied without delay.

Vulnerability

The vulnerability is an elevation-of-privilege flaw within the WLAN (Wi-Fi) component. Based on the component affected, the expected attack path is an attacker within radio range of the target, or on the same wireless network, sending specially crafted wireless frames to it; the advisory does not say where in the WLAN stack the bug sits. Successful exploitation could give arbitrary code execution with elevated, possibly kernel-level, privileges (the WLAN driver on Android is kernel code), allowing the attacker to bypass standard Android security controls and take complete control of the device. A CVSS 3.x base score of 9.8 corresponds exactly to the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: network attack vector, low attack complexity, no privileges required and no user interaction. The same impact with an adjacent-network vector (AV:A) scores 8.8, so check the published vector string before deciding whether the flaw is reachable only over Wi-Fi or from the internet.

Business impact

This vulnerability presents a critical risk to the organization, as indicated by its CVSS score of 9.8. Successful exploitation could lead to a full compromise of affected Google Pixel devices used by employees. Potential consequences include the theft of sensitive corporate data (emails, documents, credentials), installation of persistent spyware for long-term surveillance, unauthorized access to corporate networks the device connects to, and the ability to use the compromised device to launch further attacks. The reputational damage and financial loss resulting from a data breach originating from a compromised mobile device could be substantial.

Remediation

Immediate Action: The primary remediation is to apply the security updates provided by Google. Administrators should ensure all corporate-managed Google Pixel devices are updated to the Android security patch level of 2025-09-05 or later as soon as possible. Over-the-air (OTA) updates should be enforced through mobile device management (MDM) solutions where applicable. Verify the result rather than assuming it: Android reports the installed level in the system property ro.build.version.security_patch (the "Android security update" date shown in Settings), and most MDM inventories expose the same value, so a device whose reported level is earlier than 2025-09-05 is still vulnerable regardless of what updates were pushed to it.
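The following script is an added example for this advisory, not Google's tooling and not part of the original text. It queries every device attached over adb for ro.build.version.security_patch and reports each one as PATCHED, VULNERABLE or UNKNOWN against the 2025-09-05 level named above. It assumes adb is installed and that each device has authorised the host for debugging; the serials in the comments are constructed illustrations. The comparison and classification functions are separate from the adb scan, so they can also be run over patch levels exported from an MDM inventory.

```shell
#!/bin/sh
# Added example, not from the advisory: report which adb-attached Pixels still
# lack the 2025-09-05 security patch level. Assumes adb is installed and each
# device has authorised this host for USB or Wi-Fi debugging.

REQUIRED_LEVEL="2025-09-05"   # patch level that carries the fix, per the advisory

# is_patched LEVEL: exit 0 if LEVEL is at or after REQUIRED_LEVEL, 1 if it is
# earlier, 2 if LEVEL is not a YYYY-MM-DD string. Android patch levels are ISO
# dates, so plain string ordering is the correct comparison.
is_patched() {
    level=$1
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # expr exits 0 when the string comparison is true, 1 when it is false
    expr "$level" \>= "$REQUIRED_LEVEL" >/dev/null
}

# classify SERIAL LEVEL: print one tab-separated line
#   SERIAL  LEVEL  PATCHED|VULNERABLE|UNKNOWN
# e.g. classify 1A2B3C 2025-08-05  ->  1A2B3C  2025-08-05  VULNERABLE  (constructed serial)
classify() {
    serial=$1
    level=$2
    if is_patched "$level"; then
        status=PATCHED
    else
        # $? here is the exit status of the if condition (1 = too old, 2 = not a date)
        case $? in
            1) status=VULNERABLE ;;
            *) status=UNKNOWN ;;
        esac
    fi
    printf '%s\t%s\t%s\n' "$serial" "$level" "$status"
}

# scan_devices: classify every device adb can see. Devices that are offline,
# unauthorised, or that refuse the property read are reported as UNKNOWN so
# they are not silently counted as patched.
scan_devices() {
    adb devices -l | while read -r serial state _rest; do
        case "$serial" in
            ''|List|'*') continue ;;   # blank, header and daemon-status lines
        esac
        if [ "$state" != "device" ]; then
            classify "$serial" "adb:$state"
            continue
        fi
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch | tr -d '\r')
        classify "$serial" "${level:-unreadable}"
    done
}

# Only talk to a real adb when one is installed; the functions above are usable
# on their own, for example against patch levels exported from an MDM inventory.
if command -v adb >/dev/null 2>&1; then
    printf 'serial\tpatch_level\tstatus\n'
    scan_devices
fi
```

Treat every UNKNOWN row as a follow-up item: an unauthorised or offline device tells you nothing about its patch level, and a device that cannot be inventoried cannot be shown to be fixed.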

Proactive Monitoring: Security teams should watch for unusual Wi-Fi activity around Pixel devices, such as malformed frames or unexpected association attempts. Note that crafted 802.11 frames are visible only to a wireless IDS/IPS or to the access-point infrastructure; sensors on the wired LAN will not see them, so a network-traffic monitoring approach must include the wireless side. On the endpoint, monitor for signs of compromise, including unexpected reboots (a common side effect of a failed kernel-level exploit), abnormal battery drain, installation of unauthorized applications, or unusual process activity. Reviewing logs from MDM and network security solutions for anomalies related to these devices is also recommended.

Compensating Controls: If immediate patching is not feasible, consider implementing compensating controls. Restrict the use of affected devices on untrusted or public Wi-Fi networks, and where MDM policy allows, disable Wi-Fi on unpatched devices outside corporate sites; depending on where the bug sits in the WLAN stack, an attacker may need only radio proximity rather than a foothold on the same network. A corporate VPN is still worth enforcing to protect the data the device sends and receives, but it is not a defence against this flaw: wireless frames are parsed by the WLAN driver and firmware before any VPN is involved, so the VPN does not reduce the attack surface of the vulnerable component. Employ Mobile Threat Defense (MTD) solutions capable of detecting and blocking network-based attacks and anomalous device behavior.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Due to the critical severity of this vulnerability (CVSS 9.8), immediate action is required. We strongly recommend that all Google Pixel devices within the organization be patched to the September 2025 Android security level or later without delay. The potential for a complete device compromise represents a significant risk to corporate data and network security. While this vulnerability is not yet listed on the CISA KEV catalog, its high impact and potential for remote exploitation make it an attractive target for attackers, and patching should be treated as the highest priority.