CVE-2025-48539 — Use After Free

Vendor	Product	Version range	Fixed in
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
platform	packages_modules_bluetooth	>= 15:0 < 15:2025-09-01	15:2025-09-01
platform	packages_modules_bluetooth	>= 16-next:0 < 16-next:2025-09-01	16-next:2025-09-01
platform	packages_modules_bluetooth	>= 16:0 < 16:2025-09-01	16:2025-09-01

GHSA

GHSA-f769-ghq4-665p: In SendPacketToPeer of acl_arbiter

ghsa_unreviewed·2025-09-04

CVE-2025-48539 [HIGH] CWE-416 GHSA-f769-ghq4-665p: In SendPacketToPeer of acl_arbiter In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

OSV

CVE-2025-48539: In SendPacketToPeer of acl_arbiter

osv·2025-09-01

CVE-2025-48539 CVE-2025-48539: In SendPacketToPeer of acl_arbiter In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remotely-triggered local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Android

CVE-2025-48539: Android Security Bulletin 2025-09-01 CVE: CVE-2025-48539 Severity: HIGH Type: RCE Affected AOSP versions: 15, 16 References: A-406785684

vendor_android·2025-09-01·CVSS 8.0

CVE-2025-48539 [HIGH] CVE-2025-48539: Android Security Bulletin 2025-09-01 CVE: CVE-2025-48539 Severity: HIGH Type: RCE Affected AOSP versions: 15, 16 References: A-406785684 Android Security Bulletin 2025-09-01 CVE: CVE-2025-48539 Severity: HIGH Type: RCE Affected AOSP versions: 15, 16 References: A-406785684

CVE-2025-48539: In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (proximal/adjacent) code…

Affected