CVE-2025-22435

CRITICAL

Google Android - Type Confusion

Title source: rule

Description

In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References (2)

[Product] https://android.googlesource.com/platform/packages/modules/Bluetooth/+/efa5f4ef386a8947f4777840c5cefff389740e86

[Vendor Advisory] https://source.android.com/security/bulletin/2025-04-01

Scores

CVSS v3 9.8

EPSS 0.0005

EPSS Percentile 14.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-843

Status published

Products (3)

google/android 13.0

google/android 14.0

google/android 15.0

Published Sep 02, 2025

Tracked Since Feb 18, 2026