Cyber Posture

CVE-2024-45434

Critical · Public PoC

Published: 12 September 2025
Modified: 02 October 2025
KEV Added: not listed (not in the CISA KEV catalog)
Patch: (no entry)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0188 (83.3rd percentile)
Risk Priority: 21 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-45434 is a critical-severity Use-After-Free (CWE-416) vulnerability in OpenSynergy BlueSDK (Blue SDK). Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, its EPSS score places it in the top 16.7% of CVEs by estimated exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof of concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation). Of the two, only SI-2 (applying the vendor fix) removes the flaw; SI-16 is a compensating control that raises the cost of exploitation.

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-2 (Flaw Remediation). Requires timely identification, reporting, and correction of the use-after-free flaw in the BlueSDK Bluetooth stack to prevent remote code execution. Because BlueSDK is licensed to device makers and compiled into their firmware, the fix generally reaches end devices as a vendor firmware update, so remediation has to be tracked per device model rather than per library version.

Prevent: SI-16 (Memory Protection). Memory protection mechanisms such as ASLR and non-executable memory (NX/DEP) make it harder to turn the use-after-free into code execution, but they do not remove the flaw. Treat them as compensating controls, and verify that the Bluetooth process on the affected device is actually built and run with them; embedded targets often are not.

Prevent: wireless access restriction (the description here corresponds to AC-18, Wireless Access). Usage restrictions and authorizations for wireless access limit which peers can reach the Bluetooth stack at all: keep devices non-discoverable when not actively pairing, require authenticated pairing, and remove unknown or unused paired devices. This reduces exposure to remote, network-based exploitation of the stack but is not a fix.

NVD Description

OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of validating the existence of an object before performing operations on the object (aka use after free). An attacker can leverage this to achieve remote code execution in the context of a user account under which the Bluetooth process runs.

Deeper analysis

CVE-2024-45434 is a Use-After-Free (CWE-416) in OpenSynergy BlueSDK (Blue SDK) through version 6.x. The flaw is in the BlueSDK Bluetooth stack, which performs operations on an object without first validating that the object still exists: a reference to an already-freed object is dereferenced, the classic use-after-free condition. The CVSS v3.1 base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), i.e. Critical.

Per the vector, exploitation needs no privileges and no user interaction and is of low complexity. Successful exploitation yields remote code execution in the context of the user account under which the Bluetooth process runs, so the real impact depends on how the integrating device has privilege-separated that process; least privilege for the Bluetooth daemon directly limits the blast radius. One practical caveat: Bluetooth is a short-range radio protocol, so an attacker must be within radio range of the target (CVSS v3.1 itself lists Bluetooth as an example of the Adjacent attack vector). The AV:N rating reflects the published scoring and should not be read as reachability over the Internet.

For mitigation details, refer to PCA Cyber Security's PerfektBlue advisory at https://pcacybersecurity.com/resources/advisory/perfekt-blue and to the vendor, OpenSynergy, at https://www.opensynergy.com/. The CVE was published on 2025-09-12.
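The NVD text describes the root cause as operating on an object without first validating that it still exists. The following C program is an added example written for this page, not BlueSDK code: a static pool of link objects stands in for the stack's connection table, and a queued event keeps a reference to a link. The vulnerable dispatcher trusts that reference after the link has been torn down and its slot reused by another peer (the CWE-416 pattern, simulated on a static pool so the program runs without undefined behaviour); the hardened dispatcher resolves the reference through an existence check backed by a generation counter and drops stale events. All names (link_t, link_ref_t, link_alloc, link_lookup, dispatch_rename_*) and the sample peers are constructed for illustration.

```c
/* Added example (not BlueSDK code): a static pool of link objects stands in for
 * a Bluetooth stack's connection table. A queued event keeps a reference to a
 * link; if the link is torn down before the event runs, the reference dangles.
 * The vulnerable dispatcher trusts it (the CWE-416 pattern); the hardened one
 * validates that the object still exists before touching it. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define MAX_LINKS 4

typedef struct {
    int      in_use;      /* slot currently allocated? */
    uint32_t generation;  /* incremented each time the slot is (re)allocated */
    char     name[16];    /* remote device name (constructed sample data) */
} link_t;

/* Reference held by a queued event: slot index plus generation at capture. */
typedef struct { int slot; uint32_t generation; } link_ref_t;

static link_t pool[MAX_LINKS];

/* Allocate the first free slot and hand back a reference to it; -1 if full. */
int link_alloc(const char *name, link_ref_t *ref) {
    for (int i = 0; i < MAX_LINKS; i++) {
        if (pool[i].in_use) continue;
        pool[i].in_use = 1;
        pool[i].generation++;
        snprintf(pool[i].name, sizeof pool[i].name, "%s", name);
        ref->slot = i;
        ref->generation = pool[i].generation;
        return i;
    }
    return -1;
}

/* Tear down a link (the "free"): the slot is reusable, references to it dangle. */
void link_free(int slot) {
    pool[slot].in_use = 0;
    memset(pool[slot].name, 0, sizeof pool[slot].name);
}

/* VULNERABLE: no existence check. If the slot was freed and handed to another
 * peer, this writes into that peer's object. On a real heap the same logic is a
 * use-after-free whose target memory the attacker can shape. */
int dispatch_rename_vulnerable(link_ref_t ref, const char *new_name) {
    link_t *l = &pool[ref.slot];
    snprintf(l->name, sizeof l->name, "%s", new_name);
    return 0;
}

/* HARDENED: resolve the reference first. A free slot or a generation mismatch
 * (slot reallocated since the reference was taken) yields NULL. */
link_t *link_lookup(link_ref_t ref) {
    if (ref.slot < 0 || ref.slot >= MAX_LINKS) return NULL;
    link_t *l = &pool[ref.slot];
    if (!l->in_use || l->generation != ref.generation) return NULL;
    return l;
}

int dispatch_rename_hardened(link_ref_t ref, const char *new_name) {
    link_t *l = link_lookup(ref);
    if (l == NULL) return -1;   /* stale reference: drop the event */
    snprintf(l->name, sizeof l->name, "%s", new_name);
    return 0;
}

/* Scenario: peer A connects and queues a rename, then disconnects; peer B
 * connects and reuses A's slot before the queued event is processed.
 * Returns 1 if the stale event corrupted B's object. */
int scenario_vulnerable(void) {
    link_ref_t a, b;
    memset(pool, 0, sizeof pool);
    link_alloc("peer-A", &a);
    link_free(a.slot);                      /* A gone, event still pending */
    link_alloc("peer-B", &b);               /* B lands in the same slot */
    dispatch_rename_vulnerable(a, "EVIL");  /* stale event fires */
    return strcmp(pool[b.slot].name, "EVIL") == 0;
}

/* Same sequence through the hardened path. Returns 1 if the stale event was
 * rejected and B's object left intact. */
int scenario_hardened(void) {
    link_ref_t a, b;
    memset(pool, 0, sizeof pool);
    link_alloc("peer-A", &a);
    link_free(a.slot);
    link_alloc("peer-B", &b);
    int rc = dispatch_rename_hardened(a, "EVIL");
    return rc == -1 && strcmp(pool[b.slot].name, "peer-B") == 0;
}

int main(void) {
    printf("vulnerable path corrupted reused object: %d\n", scenario_vulnerable());
    printf("hardened path rejected stale reference:  %d\n", scenario_hardened());
    return 0;
}
```

Build with `cc -Wall uaf_example.c -o uaf_example && ./uaf_example`. The first line prints 1 (peer B's object was overwritten through peer A's stale reference) and the second prints 1 (the stale reference was rejected). On a real heap allocator it is the freed object's memory that gets reused, and an attacker who can control the contents of the replacement allocation turns this object confusion into control of function pointers or length fields; a generation-checked handle lookup of the kind shown is one standard way for a stack to answer "does this object still exist" before acting on an event.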

Details

CWE(s): CWE-416 (Use After Free)

Affected Products: OpenSynergy Blue SDK, versions ≤ 6.0.1. Note that the NVD description says "through 6.x" while the version range recorded here ends at 6.0.1; confirm the exact fixed version with the vendor or OEM before closing a finding.

CVEs Like This One

CVE-2026-6754 (shared CWE-416)
CVE-2026-7334 (shared CWE-416)
CVE-2026-4691 (shared CWE-416)
CVE-2024-55549 (shared CWE-416)
CVE-2025-0762 (shared CWE-416)
CVE-2025-11756 (shared CWE-416)
CVE-2026-5278 (shared CWE-416)
CVE-2025-11460 (shared CWE-416)
CVE-2026-5883 (shared CWE-416)
CVE-2026-2758 (shared CWE-416)

References

PCA Cyber Security, PerfektBlue advisory: https://pcacybersecurity.com/resources/advisory/perfekt-blue
OpenSynergy (vendor): https://www.opensynergy.com/