A critical use-after-free vulnerability, identified as CVE-2025-0075, has been discovered in multiple products from the vendor "In". This flaw, with a CVSS score of 9.8, can be exploited by a remote, unauthenticated attacker to execute arbitrary code on an affected system. Successful exploitation could lead to a complete system compromise, posing a severe risk to confidentiality, integrity, and availability.

The vulnerability is a use-after-free condition located in the process_service_search_attr_req function of the Service Discovery Protocol (SDP) server component (sdp_server.cc). An unauthenticated remote attacker can exploit this flaw by sending a specially crafted service search attribute request to the affected SDP service. This malicious request triggers the premature freeing of a memory allocation, which is later accessed by the application, leading to memory corruption that can be leveraged to achieve arbitrary code execution with the privileges of the target service.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation by a remote attacker could lead to a full system compromise, resulting in significant business impact. Potential consequences include the theft of sensitive corporate or customer data, deployment of ransomware, disruption of critical services, and using the compromised system as a foothold to launch further attacks against the internal network. The lack of any requirement for authentication or user interaction makes this an easily exploitable and highly dangerous vulnerability.

Immediate Action: Update In Multiple Products to the latest version. Organizations must consult the vendor's security advisory to identify the specific patch details applicable to their environment. After patching, it is essential to monitor for any post-remediation exploitation attempts and review relevant system and access logs for indicators of compromise.

Proactive Monitoring:

• Monitor network traffic for unusual or malformed requests to the Service Discovery Protocol (SDP) service.
• Use Endpoint Detection and Response (EDR) solutions to monitor for anomalous process behavior, such as the SDP server process crashing or spawning unexpected child processes (e.g., command shells).
• Review system logs for errors or crashes related to the sdp_server component.

Compensating Controls:

• If patching is not immediately possible, restrict network access to the affected SDP service from untrusted networks using a firewall.
• Implement network segmentation to isolate vulnerable systems and prevent potential lateral movement from a compromised host.
• Disable the SDP service on systems where it is not a business-critical function.

Public Exploit Available: false

Given the critical severity (CVSS 9.8) and the potential for remote code execution without user interaction, this vulnerability requires immediate attention. We strongly recommend that all organizations identify affected assets and apply the vendor-provided patches on an emergency basis. Although CVE-2025-0075 is not currently on the CISA KEV list, its high impact and low attack complexity make it a prime target for future exploitation. If patching cannot be performed immediately, implement the suggested compensating controls to reduce the attack surface and mitigate risk.