Code Execution Vulnerability in Bluetooth Stack by Android
CVE-2025-22406
Currently unrated
What is CVE-2025-22406?
A vulnerability exists in the Android Bluetooth Stack where a use after free condition can occur in the bnepu_check_send_packet function of bnep_utils.cc. This flaw enables an attacker to execute arbitrary code, potentially allowing local escalation of privileges without requiring any user interaction. The situation can be exploited by malicious applications operating in the same environment, demonstrating a significant security risk. To mitigate this issue, it is crucial for users to apply the latest patches provided by Android.
Affected Version(s)
Android 15