A critical use-after-free vulnerability, identified as CVE-2025-0074, has been discovered in multiple products from the vendor "In". This flaw allows a remote, unauthenticated attacker to execute arbitrary code on an affected system, potentially leading to a full system compromise without any user interaction. Due to its critical severity and the potential for remote exploitation, immediate remediation is strongly advised.

The vulnerability is a use-after-free condition located in the process_service_attr_rsp function of the sdp_discovery.cc source file. This function is responsible for processing Service Discovery Protocol (SDP) attribute responses, likely within a Bluetooth stack. An unauthenticated attacker within proximity (e.g., Bluetooth range) can send a specially crafted SDP response to a vulnerable device, causing the application to use a pointer to memory that has already been deallocated. By controlling the data subsequently written to this memory location, the attacker can hijack the program's execution flow, resulting in remote code execution.

This vulnerability presents a critical risk to the organization, reflected by its CVSS score of 9.8. Successful exploitation allows a remote attacker to gain complete control over an affected device, compromising its confidentiality, integrity, and availability. The potential consequences include theft of sensitive data, deployment of malware such as ransomware or spyware, disruption of business operations, and using the compromised system as a pivot point to attack other internal network resources. The lack of required user interaction or authentication lowers the bar for a successful attack significantly.

Immediate Action: Prioritize the deployment of vendor-supplied patches. Update all instances of "In Multiple Products" to the latest version immediately. Refer to the official vendor security advisory for specific patch information and detailed instructions for affected product lines.

Proactive Monitoring: Implement enhanced monitoring for anomalous Bluetooth traffic, specifically looking for malformed or unexpected SDP attribute responses. On host systems, monitor for crashes in Bluetooth-related services, unexpected process execution, and unauthorized system modifications. Review system and application logs for any errors or warnings related to the sdp_discovery function.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Disable Bluetooth functionality on devices where it is not essential for business operations.
• Implement network segmentation to limit the exposure of vulnerable services to untrusted devices.
• Deploy host-based intrusion prevention systems (HIPS) to detect and block memory corruption exploitation techniques.

Public Exploit Available: false

Given the critical CVSS score of 9.8, this vulnerability must be treated with the highest priority. We strongly recommend that organizations identify all affected assets and apply the necessary security updates immediately. While there is no current evidence of active exploitation or inclusion in the CISA KEV catalog, the severity of this flaw makes proactive remediation essential to prevent a potential system compromise. If patching cannot be performed immediately, apply the suggested compensating controls to mitigate the immediate risk.