CVE-2025-0074: Remote code execution in Google Android
In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
AI Analysis
Technical Summary
CVE-2025-0074 is a critical remote code execution (RCE) vulnerability affecting Google Android version 15. The flaw exists in the function process_service_attr_rsp within the sdp_discovery.cc source file, which is part of the Bluetooth Service Discovery Protocol (SDP) implementation. The vulnerability is caused by a use-after-free (CWE-416) error, where memory is accessed after it has been freed, leading to undefined behavior that can be exploited to execute arbitrary code remotely. Notably, exploitation requires no user interaction and no additional privileges, making it highly dangerous. An attacker can send a specially crafted Bluetooth SDP response to a vulnerable Android device, triggering the use-after-free condition and gaining the ability to run malicious code with the same privileges as the affected process, potentially compromising the entire device. The CVSS v3.1 base score of 9.8 reflects the high impact on confidentiality, integrity, and availability, combined with the ease of exploitation (network vector, no privileges, no user interaction). Although no public exploits have been reported yet, the severity and nature of this vulnerability make it a prime target for attackers once exploit code becomes available. The lack of patch links suggests that a fix may not yet be publicly released, increasing the urgency for mitigation and monitoring.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those relying heavily on Android devices for business operations, communications, and mobile workforce management. The ability to remotely execute code without user interaction or privileges means attackers could compromise devices silently, leading to data breaches, espionage, or disruption of services. Confidential corporate data stored or accessed on Android devices could be exposed or manipulated. Additionally, compromised devices could serve as entry points into corporate networks, facilitating lateral movement and further attacks. The impact extends to critical infrastructure sectors using Android-based systems or IoT devices with similar Bluetooth stacks. Given the widespread use of Android 15 in newer devices, organizations with up-to-date mobile fleets are particularly exposed. The threat also affects privacy and regulatory compliance under GDPR, as unauthorized access and data leakage could lead to legal and financial penalties.
Mitigation Recommendations
Immediate mitigation steps include disabling Bluetooth on Android 15 devices where not essential, especially in high-risk environments. Organizations should enforce strict device usage policies limiting Bluetooth connectivity and monitor Bluetooth traffic for anomalous SDP responses. Network segmentation and mobile device management (MDM) solutions should be leveraged to control device configurations and restrict exposure. Until an official patch is released, users should be advised to avoid pairing with unknown or untrusted Bluetooth devices. Security teams should monitor vendor advisories closely for patches and apply them promptly. Additionally, deploying endpoint detection and response (EDR) solutions capable of detecting suspicious Bluetooth-related activities can help identify exploitation attempts. For critical environments, consider temporary use of Android versions not affected by this vulnerability or alternative secure communication methods. Regular security awareness training should emphasize the risks of Bluetooth exploitation.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: google_android
- Date Reserved: 2024-12-13T16:55:21.221Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68ae3d1bad5a09ad005c3bb8
Added to database: 8/26/2025, 11:02:51 PM
Last enriched: 9/3/2025, 1:07:27 AM
Last updated: 10/16/2025, 9:32:40 PM