CVE-2025-0093
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-26

Last updated on: 2025-09-02

Assigner: Android (associated with Google Inc. or Open Handset Alliance)

Description
In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-26
Last Modified
2025-09-02
Generated
2026-06-16
AI Q&A
2025-08-27
EPSS Evaluated
2026-06-14
NVD
CVE-2025-0093
EUVD
EUVD-2025-25851
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
google android 12.0
google android 12.1
google android 13.0
google android 14.0
google android 15.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the handleBondStateChanged method of AdapterService.java, where a missing permission check allows possible unapproved data access. This means that information could be disclosed remotely without needing additional execution privileges, although user interaction is required to exploit it.

Impact Analysis

The vulnerability could lead to remote information disclosure, potentially exposing sensitive data without proper authorization. Since no extra execution privileges are needed, an attacker might gain access to information remotely if a user interacts with the exploit.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-0093. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart