CVE-2025-48593

Published Nov 18, 2025

Last updated a month ago

CVSS high 8.0
Android System

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-48593 is a critical zero-click vulnerability in the Android System component that manages essential device functions. It allows attackers to remotely execute malicious code without any user interaction or additional privileges. The vulnerability stems from insufficient validation of user input and affects Android versions 13 through 16. Successful exploitation of CVE-2025-48593 could give attackers full control over affected devices, potentially leading to data theft, ransomware deployment, or the use of compromised smartphones as nodes in botnet attacks. Google has released a security patch in the November 2025 Android Security Bulletin to address this vulnerability.

Description: In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Source: security@android.com
NVD status: Analyzed
Products: android

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8
Impact score: 5.9
Exploitability score: 2.1
Vector string: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-416

Social media

Hype score
Not currently trending
  1. #Android #VulnerabilityReport Android Zero-Click RCE (CVE-2025-48593) in System Component Requires Immediate Patch for Versions 13-16 https://t.co/TwB8gCsVVm

    @Komodosec

    10 Dec 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

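  2. A new Bluetooth vulnerability, CVE-2025-48593 (BlueShrimp), makes DoS possible on many devices, including smart cars and Wear OS. A PoC has been published, so leaving it unaddressed is dangerous. Updating the OS/firmware and turning Bluetooth off when not needed are strongly recommended. #BluetoothVuln #Blu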

    @01ra66it

    8 Dec 2025

    132 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. I wrote a blog post on CVE-2025-48593, an issue patched in Android's November Security Bulletin that only affected devices which act as Bluetooth headphones, such as smartwatches, smart glasses, and cars. I examined the patch and wrote a proof-of-concept: https://t.co/bBhoMUGXn6

    @zhuowei

    2 Dec 2025

    13107 Impressions

    30 Retweets

    138 Likes

    64 Bookmarks

    1 Reply

    0 Quotes

  4. CVE-2025-48593: a critical Bluetooth vulnerability affecting Android 13–16 https://t.co/40iwSwsIN0 The Android security blog announced, through a bulletin, the detection of a security vulnerability in Android. The CVE-2025-48593 vulnerability, a fa

    @laboratoriolinu

    23 Nov 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-48593 (CVSS:8.0, HIGH) is Analyzed. In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. Th..https://t.co/JwGs64cdmA #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    23 Nov 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 CRITICAL RCE in Google Android (13–16): CVE-2025-48593 enables remote takeover via Bluetooth Hands-Free Profile — no user action needed. Patch ASAP, disable Bluetooth HFP if possible! Details: https://t.co/FVxbAEH6kW... https://t.co/RkhnOFxsPl

    @offseq

    18 Nov 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-48593 In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no… https://t.co/aIMdLaG0AJ

    @CVEnew

    18 Nov 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-48593 is a critical (Critical) vulnerability in the Android system that allows remote command execution (RCE) without any user interaction (Zero-Click). The problem results from a flaw in the System component that leads to corruption in

    @hadrasec

    15 Nov 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. A critical vulnerability has been discovered in Android (CVE-2025-48593) that allows attackers to take complete control of the phone without the user doing anything. The attack can be triggered automatically by a packet sent to the system, without links, aplica

    @ArioN9871

    10 Nov 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 URGENT ANDROID SECURITY ALERT! 🚨 CVE-2025-48593 - Zero-Click Remote Code Execution vulnerability discovered! Impact:• Android 13-16 ALL versions affected • NO user interaction required• Spreads via Wi-Fi/Bluetooth/cellular • Single malicious packet = full device

    @liodWang

    10 Nov 2025

    125 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Alert: CERT-In has flagged a critical zero-click vulnerability (CVE-2025-48593) in Android 13-16, enabling remote code execution without user interaction. This poses severe risks to data privacy and device integrity for millions of users in India. Google's November 2025 security

    @techbreifx

    8 Nov 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 [CVE-2025-48593] Critical 0-click vulnerability enables remote code execution in Android 🚨 ⚡ Google's November bulletin disclosed serious security vulnerabilities in the Android system. ⚡ The bugs were in the System component and enabled remote execution

    @Sekurak

    7 Nov 2025

    8399 Impressions

    8 Retweets

    62 Likes

    17 Bookmarks

    2 Replies

    1 Quote

  13. ⚠️Vulnerabilities in Android products ❗CVE-2025-48593 ❗CVE-2025-48581 ➡️More info: https://t.co/z5IGIpfnbo https://t.co/hg7j1SkG1z

    @CERTpy

    6 Nov 2025

    111 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🔴 CVE-2025-48593 Android: Critical System RCE Hits 4 OS Versions Google's November bulletin patches a no-interaction RCE in Android System component across versions 13, 14, 15, and 16. What's nasty: insufficient input validation allows remote attackers to execute arbitrary

    @the_c_protocol

    5 Nov 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 Critical 0-click Android vulnerability in a system component allows remote code execution (RCE) attacks ⚠️ CVE-2025-48593 https://t.co/IZcqKOeyaF https://t.co/RaKvU7xzN1

    @elhackernet

    5 Nov 2025

    8455 Impressions

    35 Retweets

    118 Likes

    42 Bookmarks

    3 Replies

    0 Quotes

  16. 0-Click Android RCE (CVE-2025-48593) Exposes Enterprise Data. How to Protect Your Corporate Device Fleet Now Read the full report on - https://t.co/hH60Tc843E https://t.co/SUXiundgA0

    @Iambivash007

    4 Nov 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨 CRITICAL ANDROID FLAW! Google patches a zero-click RCE vulnerability (CVE-2025-48593). No user interaction needed for exploitation. Affects Android 13, 14, 15 & 16. Update your devices NOW! #Android #CyberSecurity #PatchNow 🔗 https://t.co/67ZeOKApXj

    @NetSecIO

    4 Nov 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 💡 Android 0-Click Vulnerability: CVE-2025-48593 CVE-2025-48593 is the worst nightmare of mobile security: zero-click in Android's System component. https://t.co/hNwhs1QING #android #sicurezza https://t.co/JLWaIgXqXO

    @grazymen

    4 Nov 2025

    89 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  19. Android 0-Click Vulnerability: CVE-2025-48593 https://t.co/POCshjobiO #android #sicurezza https://t.co/jZHOv6LEJP

    @Imbucatura72

    4 Nov 2025

    61 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  20. A critical 0-click vulnerability (CVE-2025-48593) affecting #Android 13 to 16 and allowing remote code execution without user interaction has been fixed. https://t.co/ih6iKpwmgc

    @cert_ist

    4 Nov 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

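  21. A critical (Critical) zero-click vulnerability in Android (AOSP). CVE-2025-48593 is a remote code execution in the System component. It may be exploited via a crafted network packet or a malicious app. To prevent exploitation, details are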

    @__kokumoto

    4 Nov 2025

    2813 Impressions

    1 Retweet

    4 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  22. 0-Click Android RCE (CVE-2025-48593) Exposes Enterprise Data – How to Protect Your Corporate Device Fleet Now Read the full report on - https://t.co/FpFvKeTCX9 https://t.co/PjrXbC3Gmx

    @Iambivash007

    4 Nov 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. **🚨 Critical Android RCE Alert!** CVE-2025-48593: Zero-click remote code execution in Android 13–16. No user interaction needed. Patch **NOW** via November 2025 security update! 🔗 https://t.co/divAmjV0b3 #AndroidSecurity #0day https://t.co/jiIyGqqdqb

    @B1ackash

    4 Nov 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. A critical Zero-Click vulnerability in the @Android system, according to a security warning issued by @Google. The CVE-2025-48593 vulnerability allows attackers to take full control of devices remotely. The security update addressed

    @cyberscastx

    4 Nov 2025

    513 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations