Cyber Resilience

CVE-2025-0075

Critical

Published: 26 August 2025

Published
26 August 2025
Modified
02 September 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0178 83.1th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0075 is a critical-severity Use After Free (CWE-416) vulnerability in Google Android. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 16.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-0075 is a use-after-free vulnerability in the function process_service_search_attr_req within sdp_server.cc of Android's Bluetooth module. The flaw resides in the Bluetooth stack shipped as part of packages/modules/Bluetooth and carries a CVSS 3.1 base score of 9.8, reflecting network-accessible attack vectors that require neither credentials nor user interaction.

An unauthenticated attacker can send specially crafted SDP service-search-attribute requests over Bluetooth to trigger the use-after-free condition, resulting in arbitrary code execution on the target device. Successful exploitation grants the attacker full control of the Bluetooth process with no additional privileges required.

The official Android security bulletin dated 2025-03-01 and the corresponding AOSP commit 5959f8bcf4efe924b0ba4dbcbfe83e602f0eb0ac address the issue through patches that eliminate the dangling reference. Devices should be updated to the March 2025 security patch level or later to receive the fix.

EPSS remains low at 0.0178 with no material increase since disclosure, indicating limited observed exploitation interest to date.

EU & UK References

Vulnerability details

In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Use-after-free RCE in Android Bluetooth SDP server directly enables remote exploitation of a network-accessible service for arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-22411Same product: Google Android
CVE-2025-22412Same product: Google Android
CVE-2025-22408Same product: Google Android
CVE-2025-22403Same product: Google Android
CVE-2024-40651Same product: Google Android
CVE-2024-40649Same product: Google Android
CVE-2025-22410Same product: Google Android
CVE-2025-0074Same product: Google Android
CVE-2025-48543Same product: Google Android
CVE-2024-40669Same product: Google Android

Affected Assets

google
android
15.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of the use-after-free flaw in the Bluetooth SDP server through patching as specified in the Android Security Bulletin.

prevent

Implements system memory protections such as randomization and non-executable data to mitigate remote code execution from the use-after-free vulnerability.

prevent

Ensures receipt and implementation of security advisories like the March 2025 Android bulletin detailing the patch for this CVE.

References