CVE-2025-0075
Published: 26 August 2025
Summary
CVE-2025-0075 is a critical-severity Use After Free (CWE-416) vulnerability in Google Android. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 17.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely remediation of the use-after-free flaw in the Bluetooth SDP server through patching as specified in the Android Security Bulletin.
Implements system memory protections such as randomization and non-executable data to mitigate remote code execution from the use-after-free vulnerability.
Ensures receipt and implementation of security advisories like the March 2025 Android bulletin detailing the patch for this CVE.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Use-after-free RCE in Android Bluetooth SDP server directly enables remote exploitation of a network-accessible service for arbitrary code execution.
NVD Description
In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Deeper analysisAI
CVE-2025-0075 is a use-after-free vulnerability (CWE-416) in the `process_service_search_attr_req` function within `sdp_server.cc`, part of the Android platform's Bluetooth module located at `packages/modules/Bluetooth`. This flaw enables remote code execution without requiring additional execution privileges. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and lack of prerequisites.
A remote attacker can exploit this vulnerability over the network without user interaction by triggering the use-after-free condition in the SDP server during service attribute searches. Successful exploitation leads to arbitrary code execution in the context of the Bluetooth service, potentially compromising the affected device.
The Android Security Bulletin for March 2025 details the issue and recommends applying the available patch. A specific fix is committed in the Android source repository at https://android.googlesource.com/platform/packages/modules/Bluetooth/+/5959f8bcf4efe924b0ba4dbcbfe83e602f0eb0ac, addressing the use-after-free in the SDP server implementation. Security practitioners should ensure devices receive the March 2025 monthly updates.
Details
- CWE(s)