CVE-2025-69515

CRITICAL

JXL 9 Inch Car Android Double Din Player Android 12.0 - GPS Spoofing

Title source: llm

Description

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location.

References (2)

http://jxl.com

https://github.com/thorat-shubham/JXL_Infotainment_CVE-2025-69515/blob/main/README.md

View Exploit ZIP pw:eip

Scores

CVSS v3 9.1

EPSS 0.0005

EPSS Percentile 15.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-941

Status published

Published Apr 07, 2026

Tracked Since Apr 08, 2026