CVE-2025-22403
Published: 26 August 2025
Summary
CVE-2025-22403 is a critical-severity Use After Free (CWE-416) vulnerability in Google Android. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-22403 is a use-after-free vulnerability (CWE-416) in the function sdp_snd_service_search_req within sdp_discovery.cc of the Android Bluetooth module. The flaw resides in packages/modules/Bluetooth and carries a CVSS 3.1 score of 9.8, reflecting network-accessible arbitrary code execution without privileges or user interaction.
An unauthenticated remote attacker can trigger the condition over Bluetooth to achieve arbitrary code execution on an affected device. No additional execution privileges are required, and the attack does not depend on user interaction.
The March 2025 Android security bulletin and the referenced commit in the Bluetooth repository address the issue through source-level remediation; practitioners should apply the corresponding patch or the March 2025 Android monthly update to eliminate the vulnerable code path. The associated EPSS score remains flat at 0.0226 with no observed increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-25850
Vulnerability details
In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Use-after-free in Bluetooth SDP service allows unauthenticated remote code execution via crafted SDP requests, directly mapping to exploitation of a remotely accessible service (T1190/T1210).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the use-after-free vulnerability in the Android Bluetooth stack by requiring timely patching as provided in the vendor security bulletin.
Implements memory protection safeguards like ASLR and DEP to prevent arbitrary code execution resulting from the use-after-free condition.
Authorizes, monitors, and controls wireless access to restrict unauthenticated Bluetooth SDP service search requests that trigger the vulnerability.