CVE-2025-0084
Published: 26 August 2025
Summary
CVE-2025-0084 is a high-severity Use After Free (CWE-416) vulnerability in Google Android. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 21.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-0084 is a use-after-free vulnerability (CWE-416) that produces an out-of-bounds write in multiple locations within the Bluetooth stack of Android when HFP support is enabled. The flaw resides in the packages/modules/Bluetooth component and carries a CVSS 3.1 score of 8.8.
An attacker on an adjacent network can trigger the condition over Bluetooth without user interaction or additional privileges, resulting in remote code execution on the affected device.
The Android security bulletin dated 2025-03-01 and the referenced commit in the Bluetooth repository describe the corrective changes that address the issue; applying the March 2025 Android security patch level mitigates the exposure.
EPSS remains flat at 0.0115 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-25854
Vulnerability details
In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Out-of-bounds write/use-after-free in Android Bluetooth stack (HFP) directly enables client-side remote code execution over an adjacent network without user interaction.
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the use-after-free vulnerability in the Android Bluetooth stack by requiring timely remediation through application of the recommended upstream patch.
Prevents exploitation by configuring the system to disable non-essential Bluetooth HFP support, eliminating the condition required for the vulnerability to be triggered.
Provides memory protection mechanisms that hinder exploitation of the use-after-free and out-of-bounds write leading to remote code execution.