Pixel 10 0-Click Exploit Chain: Re-Targeting CVE-2025-54957 for Root

Overview: Pixel 10 Zero-Click Root Exploit Chain

Threat intelligence analysts at Runtime Rebel are issuing a critical alert regarding a recently demonstrated Zero-Day exploit chain capable of achieving 0-click root on Google Pixel 10 devices. This advanced TTP, detailed by Project Zero, represents a significant security risk, allowing attackers to gain full control over affected devices without any user interaction.

The research follows previous efforts to develop a similar exploit chain for the Pixel 9, which also leveraged a 0-click context to achieve root privileges using just two exploits. While the original Dolby 0-click vulnerability (affecting all of Android) was **patch**ed in January 2026, the new findings highlight the persistent challenge of securing complex mobile operating systems against determined adversaries. This demonstration serves as a stark reminder of the sophisticated methods employed by attackers to bypass modern security measures.

Technical Details: Exploiting CVE-2025-54957 on Google Pixel 10

The core of this exploit chain for the Pixel 10 centers on successfully re-targeting an existing vulnerability, specifically CVE-2025-54957, identified as a Dolby 0-click flaw. The original exploit chain for the Pixel 9 relied on this CVE. Adapting this exploit to the newer Pixel 10 required specific modifications but was largely a straightforward process, primarily involving updates to memory offsets.

Key technical challenges in exploiting CVE-2025-54957 on Google Pixel 10 included:

• Offset Adjustments: The majority of the work involved recalculating offsets for the specific version of the Dolby library present on the Pixel 10, differing from the Pixel 9. This highlights the precision required for low-level exploitation.
• Security Feature Bypass: The Pixel 10 introduces RET PAC in place of -fstack-protector, a significant change in memory protection mechanisms. This meant the __stack_chk_fail function, previously a target for overwriting, was no longer available. Researchers instead identified dap_cpdp_init, an initialization code segment, as a suitable target. This function is called only once during decoder initialization, allowing it to be overwritten without causing functional issues for the device but providing a critical hook for exploit execution.

This demonstration underlines the persistent nature of vulnerabilities even after initial patching, as attackers or researchers can often find ways to adapt exploits to newer hardware or software versions, bypassing new security mitigations like RET PAC through careful analysis of device-specific characteristics.

Impact and Analysis: Pixel 10 Security Vulnerability Analysis

A 0-click root exploit on a flagship device like the Google Pixel 10 represents a critical security event. The absence of any user interaction requirement means that an attacker can compromise a device stealthily and remotely. This is particularly concerning for high-value targets such as journalists, activists, or government officials, who are frequently the targets of sophisticated surveillance operations. The ability to gain root access grants an attacker complete control over the device, enabling data exfiltration, arbitrary code execution, and persistent monitoring.

This Pixel 10 security vulnerability analysis confirms that even with advanced security features like RET PAC, determined adversaries can identify and exploit weaknesses. The fact that an existing vulnerability (CVE-2025-54957) could be adapted for the Pixel 10, despite an earlier patch for its original manifestation, underscores the need for continuous, in-depth security research and rapid patch deployment across the entire Android ecosystem.

Recommendations and Mitigations

Organizations and individual users of Google Pixel 10 devices must prioritize the following actions to protect against this critical threat and for mitigating 0-click exploits on Android devices:

• Immediate Patching: Ensure all Google Pixel 10 devices are updated to the absolute latest security patch level. Monitor Google’s official security bulletins for specific advisories related to CVE-2025-54957 or any subsequent patches addressing this exploit chain.
• Regular Software Updates: Implement a strict policy for regular software and security updates across all mobile devices. Prompt application of patches is the most effective defense against known vulnerabilities.
• Principle of Least Privilege: Even though this is a 0-click vulnerability, adhering to the principle of least privilege for all applications and user accounts can help limit post-exploitation damage.
• Network Segmentation: For enterprise environments, consider segmenting mobile devices onto dedicated networks to limit potential Lateral Movement should a device be compromised.
• Enhanced Monitoring: Implement comprehensive mobile EDR (Endpoint Detection and Response) solutions and SIEM (Security Information and Event Management) systems to detect unusual activity or potential indicators of compromise (**IoC**s) related to this type of exploitation. Anomalies in network traffic or system behavior on Pixel 10 devices should be immediately investigated.
• Zero Trust Architecture: Adopt a Zero Trust security model, extending security controls to every user, device, and application regardless of location, assuming breach and continuously verifying trust.