Primary

Context

Android Bluetooth Module Cross-User Media Disclosure Vulnerability

Vulnerability

A vulnerability in the Android Bluetooth module, specifically in the file transfer feature, allows for cross-user media disclosure. This issue arises from a confused deputy problem, where the system incorrectly manages user permissions, potentially leading to unauthorized access to media files belonging to other users. The vulnerability could be exploited without any additional privileges or user interaction.

Impact

Exploitation of this vulnerability could result in unauthorized access to media files across different user accounts on the device.

Remediation

Users can update their devices to the April 2025 security patch level to address this vulnerability.

Added: Sep 2, 2025, 11:28 PM

Updated: Sep 2, 2025, 11:28 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.4

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.4

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Bluetooth Module Cross-User Media Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating