Cyber Resilience

CVE-2025-0084

High

Published: 26 August 2025

Modified: 02 September 2025
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0115 (78.9th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0084 is a high-severity Use After Free (CWE-416) vulnerability in Google Android. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 21.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-0084 is a use-after-free vulnerability (CWE-416) that produces an out-of-bounds write in multiple locations within the Bluetooth stack of Android when HFP support is enabled. The flaw resides in the packages/modules/Bluetooth component and carries a CVSS 3.1 score of 8.8.

An attacker on an adjacent network can trigger the condition over Bluetooth without user interaction or additional privileges, resulting in remote code execution on the affected device.

The Android security bulletin dated 2025-03-01 and the referenced commit in the Bluetooth repository describe the corrective changes that address the issue; applying the March 2025 Android security patch level mitigates the exposure.

EPSS remains flat at 0.0115 with no material increase after disclosure.

Vulnerability details

In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE(s)

CWE-416 (Use After Free)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Out-of-bounds write/use-after-free in Android Bluetooth stack (HFP) directly enables client-side remote code execution over an adjacent network without user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-0074 - Same product: Google Android
CVE-2026-0122 - Same product: Google Android
CVE-2024-40651 - Same product: Google Android
CVE-2025-22411 - Same product: Google Android
CVE-2024-40649 - Same product: Google Android
CVE-2025-22410 - Same product: Google Android
CVE-2024-43767 - Same product: Google Android
CVE-2025-0075 - Same product: Google Android
CVE-2025-36897 - Same product: Google Android
CVE-2025-48543 - Same product: Google Android

Affected Assets

Vendor: google
Product: android
Versions: 13.0, 14.0, 15.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the use-after-free vulnerability in the Android Bluetooth stack by requiring timely remediation through application of the recommended upstream patch.

prevent

Prevents exploitation by configuring the system to disable non-essential Bluetooth HFP support, eliminating the condition required for the vulnerability to be triggered.

prevent

Provides memory protection mechanisms that hinder exploitation of the use-after-free and out-of-bounds write leading to remote code execution.
