CVE-2025-0092

In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Weakness

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Affected Software

Name	Vendor	Start Version	End Version
Android	Google	12.0 (including)	12.0 (including)
Android	Google	12.1 (including)	12.1 (including)
Android	Google	13.0 (including)	13.0 (including)
Android	Google	14.0 (including)	14.0 (including)
Android	Google	15.0 (including)	15.0 (including)

https://cwe.mitre.org/data/definitions/111.html
https://cwe.mitre.org/data/definitions/141.html
https://cwe.mitre.org/data/definitions/142.html
https://cwe.mitre.org/data/definitions/148.html
https://cwe.mitre.org/data/definitions/218.html
https://cwe.mitre.org/data/definitions/384.html
https://cwe.mitre.org/data/definitions/385.html
https://cwe.mitre.org/data/definitions/386.html
https://cwe.mitre.org/data/definitions/387.html
https://cwe.mitre.org/data/definitions/388.html
https://cwe.mitre.org/data/definitions/665.html
https://cwe.mitre.org/data/definitions/701.html

References

https://android.googlesource.com/platform/packages/modules/Bluetooth/+/090ca53cc13c12e3763777a6a3c7367641e9808f
https://source.android.com/security/bulletin/2025-03-01

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-0092
CWE	https://cwe.mitre.org/data/definitions/345.html

Insufficient Verification of Data Authenticity

Weakness

Affected Software

Related Attack Patterns

References