Cyber Posture

CVE-2025-0084

High

Published: 26 August 2025

Published
26 August 2025
Modified
02 September 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0115 78.6th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0084 is a high-severity Use After Free (CWE-416) vulnerability in Google Android. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 21.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the use-after-free vulnerability in the Android Bluetooth stack by requiring timely remediation through application of the recommended upstream patch.

CM-7 Least Functionality good match
prevent

Prevents exploitation by configuring the system to disable non-essential Bluetooth HFP support, eliminating the condition required for the vulnerability to be triggered.

SI-16 Memory Protection partial match
prevent

Provides memory protection mechanisms that hinder exploitation of the use-after-free and out-of-bounds write leading to remote code execution.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
attack.mitre.org →
Why these techniques?

Out-of-bounds write/use-after-free in Android Bluetooth stack (HFP) directly enables client-side remote code execution over an adjacent network without user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is…

more

not needed for exploitation.

Deeper analysisAI

CVE-2025-0084 is a vulnerability in the Android platform's Bluetooth stack, specifically within the packages/modules/Bluetooth component. It manifests as an out-of-bounds write due to a use-after-free error (CWE-416) occurring in multiple locations. Published on 2025-08-26, the issue carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and can lead to remote code execution over Bluetooth when Hands-Free Profile (HFP) support is enabled.

An attacker in Bluetooth range (adjacent physical proximity) can exploit this vulnerability with low complexity and no required privileges or user interaction. Successful exploitation enables remote code execution, granting high-impact confidentiality, integrity, and availability compromises without additional execution privileges.

The Android Security Bulletin for 2025-03-01 details the issue and recommends applying the upstream patch, available at https://android.googlesource.com/platform/packages/modules/Bluetooth/+/94c565214e3496fbaade9efed8be41d6425ba21e, to mitigate the vulnerability.

Details

CWE(s)
CWE-416

Affected Products

google
android
13.0, 14.0, 15.0

CVEs Like This One

CVE-2025-0074Same product: Google Android
CVE-2025-36897Same product: Google Android
CVE-2025-22403Same product: Google Android
CVE-2024-40651Same product: Google Android
CVE-2025-48543Same product: Google Android
CVE-2025-22409Same product: Google Android
CVE-2025-0075Same product: Google Android
CVE-2024-40669Same product: Google Android
CVE-2024-40670Same product: Google Android
CVE-2025-22404Same product: Google Android

References