Arbitrary Activity Launch Vulnerability in Android Bluetooth Module
CVE-2025-22437

Currently unrated

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 2 September 2025

What is CVE-2025-22437?

The Bluetooth module in Android contains a vulnerability that stems from a logic error in the setMediaButtonReceiver function across multiple files. This flaw allows attackers to launch arbitrary activities from the background without requiring any user interaction or elevated privileges. It represents a significant risk as it enables local escalation of privilege, potentially compromising user data and device security. Remediation involves applying the latest patches to minimize exposure to this vulnerability.

Affected Version(s)

Android 13

References

https://android.googlesource.com/platform/packages/module...

https://source.android.com/security/bulletin/2025-04-01

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2025
Vulnerability Reserved
Jan 6, 2025

Google

What is CVE-2025-22437?

Affected Version(s)

References

Timeline