Out of Bounds Read Vulnerability in Bluetooth Stack by Google

CVE-2025-48539

What is CVE-2025-48539?

CVE-2025-48539 is a vulnerability affecting the Bluetooth stack developed by Google. Specifically, this flaw is an out-of-bounds read that occurs in the SendPacketToPeer function located in the acl_arbiter.cc file. This vulnerability arises from a use-after-free condition, which could enable an attacker to execute remote code adjacent to the compromised system without requiring additional privileges. Since the vulnerability does not necessitate user interaction for exploitation, it poses a considerable risk, potentially allowing malicious actors to execute arbitrary code within the context of an affected application or environment, compromising the integrity and confidentiality of sensitive data.

Potential impact of CVE-2025-48539

1. Remote Code Execution: The vulnerability allows for potential remote code execution, which could enable an attacker to gain unauthorized control over affected devices, leading to further exploitation or data manipulation.

2. Data Exposure: Successful exploitation can compromise the data integrity and confidentiality, posing risks to sensitive information stored on or transmitted by affected devices.

3. System Compromise: The ability to execute code remotely could lead to broader system compromises, allowing an attacker to pivot and exploit other vulnerabilities in the network, escalating their access and control significantly.

References