In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack
Description
In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Executive Summary:
A critical use-after-free vulnerability, identified as CVE-2025-0075, has been discovered in multiple products from the vendor "In". This flaw, with a CVSS score of 9.8, can be exploited by a remote, unauthenticated attacker to execute arbitrary code on an affected system. Successful exploitation could lead to a complete system compromise, posing a severe risk to confidentiality, integrity, and availability.
Vulnerability Details
CVE-ID: CVE-2025-0075
Affected Software: In Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is a use-after-free condition located in the
process_service_search_attr_reqfunction of the Service Discovery Protocol (SDP) server component (sdp_server.cc). An unauthenticated remote attacker can exploit this flaw by sending a specially crafted service search attribute request to the affected SDP service. This malicious request triggers the premature freeing of a memory allocation, which is later accessed by the application, leading to memory corruption that can be leveraged to achieve arbitrary code execution with the privileges of the target service.Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation by a remote attacker could lead to a full system compromise, resulting in significant business impact. Potential consequences include the theft of sensitive corporate or customer data, deployment of ransomware, disruption of critical services, and using the compromised system as a foothold to launch further attacks against the internal network. The lack of any requirement for authentication or user interaction makes this an easily exploitable and highly dangerous vulnerability.
Remediation Plan
Immediate Action: Update In Multiple Products to the latest version. Organizations must consult the vendor's security advisory to identify the specific patch details applicable to their environment. After patching, it is essential to monitor for any post-remediation exploitation attempts and review relevant system and access logs for indicators of compromise.
Proactive Monitoring:
sdp_servercomponent.Compensating Controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of August 26, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. This vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. However, given the critical severity and the potential for remote code execution, security researchers and threat actors are likely to develop exploit code in the near future.
Analyst Recommendation
Given the critical severity (CVSS 9.8) and the potential for remote code execution without user interaction, this vulnerability requires immediate attention. We strongly recommend that all organizations identify affected assets and apply the vendor-provided patches on an emergency basis. Although CVE-2025-0075 is not currently on the CISA KEV list, its high impact and low attack complexity make it a prime target for future exploitation. If patching cannot be performed immediately, implement the suggested compensating controls to reduce the attack surface and mitigate risk.