CVE-2025-0075: Remote code execution in Google Android

Severity: Critical
Type: Vulnerability
Published: Tue Aug 26 2025 (08/26/2025, 22:48:36 UTC)
Source: CVE Database V5
Vendor/Project: Google
Product: Android

Description

In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

AI-Powered Analysis

Last updated: 09/03/2025, 01:07:38 UTC

Technical Analysis

CVE-2025-0075 is a critical remote code execution (RCE) vulnerability affecting Google Android version 15. The flaw exists in the function process_service_search_attr_req within the sdp_server.cc source file, where a use-after-free condition can be triggered. This type of vulnerability occurs when a program continues to use memory after it has been freed, potentially allowing an attacker to execute arbitrary code. Notably, this vulnerability requires no user interaction and no additional privileges, making it highly exploitable remotely over the network. The CVSS v3.1 base score of 9.8 reflects the severity: the attack vector is network (AV:N), attack complexity is low (AC:L), no privileges are required (PR:N), no user interaction is needed (UI:N), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). The vulnerability is in the Bluetooth Service Discovery Protocol (SDP) server component, which handles service search attribute requests. Exploiting this flaw could allow an attacker to execute arbitrary code on the affected Android device, potentially gaining full control. Although no known exploits are currently reported in the wild, the ease of exploitation and critical impact make this a significant threat. The vulnerability is assigned CWE-416 (Use After Free), a common and dangerous memory corruption issue. No patches are currently linked, indicating that mitigation may require urgent vendor updates or workarounds once available.

Potential Impact

For European organizations, this vulnerability poses a severe risk, especially those relying heavily on Android 15 devices for business operations, including mobile workforce, BYOD environments, and IoT devices running Android. Successful exploitation could lead to complete device compromise, data breaches, espionage, or disruption of critical services. Given the lack of required user interaction and privileges, attackers could remotely target devices simply by being within Bluetooth range or potentially via network vectors if SDP is exposed. This could impact confidentiality of sensitive corporate data, integrity of communications, and availability of mobile services. Industries such as finance, healthcare, government, and critical infrastructure in Europe could be particularly affected due to the sensitive nature of data and regulatory requirements like GDPR. Additionally, compromised devices could serve as entry points for lateral movement within corporate networks, amplifying the threat. The absence of known exploits currently provides a window for proactive mitigation, but the critical severity demands immediate attention.

Mitigation Recommendations

European organizations should prioritize the following specific actions:

1) Immediately inventory and identify all Android 15 devices in use, including corporate-owned and BYOD.
2) Monitor vendor communications closely for official patches or security updates from Google and apply them promptly once available.
3) Until patches are released, consider disabling Bluetooth SDP services or restricting Bluetooth usage on critical devices to minimize exposure.
4) Implement network segmentation and strict access controls to limit device exposure to untrusted networks or users.
5) Employ mobile device management (MDM) solutions to enforce security policies, monitor device behavior, and push updates rapidly.
6) Educate users about the risks of Bluetooth exposure and encourage disabling Bluetooth when not in use.
7) Enhance endpoint detection and response (EDR) capabilities to detect anomalous behavior indicative of exploitation attempts.
8) Review and update incident response plans to include scenarios involving mobile device compromise via Bluetooth vulnerabilities.

These targeted measures go beyond generic advice by focusing on Bluetooth SDP service exposure and rapid patch management tailored to Android 15 environments.

Technical Details

Data Version: 5.1
Assigner Short Name: google_android
Date Reserved: 2024-12-13T16:55:50.633Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68ae3d1bad5a09ad005c3bbc

Added to database: 8/26/2025, 11:02:51 PM

Last enriched: 9/3/2025, 1:07:38 AM

Last updated: 9/3/2025, 5:13:26 PM
