CVE-2019-2225

HIGH

Android - Privilege Escalation

Title source: llm

Description

When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-110433804

Exploits (1)

github 34 stars

by DarkFunct · cpoc

https://github.com/DarkFunct/CVE_Exploits/tree/main/CVE-2019-2225

View on github

References (1)

[Patch, Vendor Advisory] https://source.android.com/security/bulletin/2019-12-01

Scores

CVSS v3 8.8

EPSS 0.0064

EPSS Percentile 70.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (4)

google/android 8.0

google/android 8.1

google/android 9.0

google/android 10.0

Published Dec 06, 2019

Tracked Since Feb 18, 2026