CVE-2025-48593

HIGH

Android - Remote Code Execution via Use-After-Free in bta_hf_client_cb_init

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2025-48593. PoCs published by zhuowei, logesh-GIT001, ranasen-rat.

Description

In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploits (3)

nomisec WORKING POC 49 stars
by zhuowei · poc
https://github.com/zhuowei/blueshrimp

This repository contains a functional proof-of-concept exploit for CVE-2025-48593, a Bluetooth vulnerability in Android affecting devices acting as headphones/speakers. The PoC crashes the Android Automotive emulator by triggering a memory corruption (SIGSEGV) via crafted Bluetooth SDP data.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Android Bluetooth stack (Android Automotive, affected smartwatches/glasses/cars)
Auth required
Prerequisites: Bluetooth pairing with target device · Target device must support Bluetooth headset/speaker profile
devstral-2 · analyzed Feb 19, 2026

nomisec WRITEUP 7 stars
by logesh-GIT001 · poc
https://github.com/logesh-GIT001/CVE-2025-48593

This repository provides a detailed technical analysis of CVE-2025-48593, a zero-click RCE vulnerability in Android's System component. It includes pseudocode, attack chain breakdowns, and mitigation steps but lacks actual exploit code.

Classification: Writeup 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Android 13-16 (System component)
No auth needed
Prerequisites: Network access to target device · Unpatched Android device (versions 13-16)
devstral-2 · analyzed Feb 19, 2026

nomisec WRITEUP 2 stars
by ranasen-rat · poc
https://github.com/ranasen-rat/CVE-2025-48593

This repository provides a detailed technical analysis of CVE-2025-48593, a zero-click RCE vulnerability in Android 13-16. It includes root cause analysis, pseudocode of the vulnerable function, mitigation steps, and visual attack flow diagrams.

Classification: Writeup 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Android System Component (Android 13-16)
No auth needed
Prerequisites: Network access to target device · Unpatched Android device (Android 13-16)
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 8.0
EPSS: 0.0091
EPSS Percentile: 55.3%
Attack Vector: ADJACENT_NETWORK
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-416
Status: published
Products (4):
google/android 13.0
google/android 14.0
google/android 15.0
google/android 16.0
Published: Nov 18, 2025
Tracked Since: Feb 18, 2026