CVE-2025-69515

CRITICAL

JXL 9 Inch Car Android Double Din Player Android 12.0 - GPS Spoofing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-69515. PoCs published by thorat-shubham.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-69515, a GPS spoofing vulnerability in the JXL 9 Inch Car Android Double Din Player. It describes the attack vector, affected components, and CVSS scoring, but does not include functional exploit code.

Description

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location.

Exploits (1)

nomisec WRITEUP

by thorat-shubham · poc

https://github.com/thorat-shubham/JXL_Infotainment_CVE-2025-69515

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2025-69515, a GPS spoofing vulnerability in the JXL 9 Inch Car Android Double Din Player. It describes the attack vector, affected components, and CVSS scoring, but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: JXL 9 Inch Car Android Double Din Player (Android version 12.0)

No auth needed

Prerequisites: SDR device · RF proximity to target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Apr 28, 2026 Full analysis →

References (2)

Core 2

Core References

http://jxl.com

https://github.com/thorat-shubham/JXL_Infotainment_CVE-2025-69515/blob/main/README.md

View Exploit ZIP pw:eip

Scores

CVSS v3 9.1

EPSS 0.0006

EPSS Percentile 17.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-941

Status published

Published Apr 07, 2026

Tracked Since Apr 08, 2026