PT-2025-39687 · Google · Android
Published: 2025-09-26 · Updated: 2025-12-19 · CVE-2025-48593
CVSS v2.0: 10 (High)
Base vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Android versions 13 through 16
Description
A critical zero-click remote code execution issue exists in the Bluetooth stack of the Android operating system. This flaw, identified as CVE-2025-48593, is due to a use-after-free condition within the bta_hf_client_cb_init function of bta_hf_client_main.cc. Exploitation does not require user interaction; an attacker can trigger the issue by sending specially crafted network packets or through malicious applications. Successful exploitation allows for full device takeover, including data theft and the potential installation of ransomware. The issue primarily affects devices acting as Bluetooth headphones, such as smartwatches, smart glasses, and cars. The vulnerability is rated as critical, with a severity score of 9.8 out of 10.
Recommendations
Update to the security patch level 2025-11-01 or newer.
Exploit
Fix
RCE
Use After Free
Related Identifiers
BDU:2025-13912
CVE-2025-48593
Affected Products
Android
References · 45
- https://github.com/letchupkt/CVE-2025-48593 · Exploit
- https://bdu.fstec.ru/vul/2025-13912 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2025-48593 · Security Note
- https://source.android.com/security/bulletin/2025-11-01 · Vendor Advisory
- https://twitter.com/offseq/status/1990661638618267884 · Twitter Post
- https://reddit.com/r/GooglePixel/comments/1oy3mfa/no_november_2025_security_update_for_pixel_6 · Reddit Post
- https://reddit.com/r/Kriware/comments/1popjcw/proofofconcept_for_cve202548593_no_real_impact_on · Reddit Post
- https://reddit.com/r/fairphone/comments/1oqufq7/no_security_patch_for_fairphone_despite_massive · Reddit Post
- https://t.me/true_secator/7596 · Telegram Post
- https://twitter.com/techbreifx/status/1987177917315784798 · Twitter Post
- https://twitter.com/coinfreaks/status/1988867636663308766 · Twitter Post
- https://worthdoingbadly.com/bluetooth · Reddit Post
- https://t.me/tmfeed/272562 · Telegram Post
- https://twitter.com/ToHamalainen/status/1971549867840504147 · Twitter Post
- https://twitter.com/FAMASoon/status/1995722477859733600 · Twitter Post