Arbitrary Code Execution Vulnerability in Android Bluetooth Module
CVE-2025-22407

Currently unrated

Key Information:

Vendor

Google

Status
Vendor
CVE Published: 26 August 2025

What is CVE-2025-22407?

The Android Bluetooth module contains a use-after-free condition in the hidd_check_config_done function that could allow arbitrary code execution. This could lead to unauthorized access to sensitive information, with no additional execution privileges or user interaction required. Proper security measures should be taken to mitigate the risks associated with this vulnerability.

Affected Version(s)

Android 15

Timeline

  • Vulnerability published

  • Vulnerability Reserved
