Description

In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

PUBLISHED Reserved 2025-05-22 | Published 2025-11-18 | Updated 2025-11-19 | Assigner google_android

Problem types

Remote code execution

Product status

Default status: unaffected

16: affected
15: affected
14: affected
13: affected

References

android.googlesource.com/...c4f623201f35831d32e6c401156e76cc

android.googlesource.com/...b44198c80d5aff7e1af1df812f782abb

source.android.com/security/bulletin/2025-11-01

cve.org (CVE-2025-48593)

nvd.nist.gov (CVE-2025-48593)
