A critical remote code execution vulnerability, identified as CVE-2025-22403, has been discovered in multiple products from the vendor "In". This flaw allows an unauthenticated remote attacker to execute arbitrary code on an affected system, potentially leading to a complete system compromise. Due to its critical severity and the lack of required user interaction for exploitation, this vulnerability poses a significant and immediate risk to affected organizations.

This vulnerability is a use-after-free memory corruption flaw located in the sdp_snd_service_search_req function of the Service Discovery Protocol (SDP) implementation. An attacker can trigger this flaw by sending a specially crafted SDP service search request to a vulnerable device. This action causes the application to reference a memory location that has already been deallocated, which can be manipulated by the attacker to corrupt memory and execute arbitrary code with the privileges of the affected service. Successful exploitation does not require any authentication or user interaction.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the affected system's confidentiality, integrity, and availability. An unauthenticated remote attacker could gain full control over the vulnerable asset, enabling them to steal sensitive data, install malware such as ransomware, disrupt critical services, or use the compromised system as a pivot point to move laterally within the organization's network. The potential for unauthenticated remote code execution presents a severe risk of significant financial, reputational, and operational damage.

Immediate Action: Prioritize the immediate deployment of security updates. Update all instances of "In Multiple Products" to the latest patched version as recommended by the vendor. Consult the official vendor security advisory for specific patch information and detailed instructions.

Proactive Monitoring: Implement enhanced monitoring on vulnerable systems. Security teams should look for anomalous or malformed SDP traffic, unexpected application crashes related to memory errors, and any unusual outbound network connections from affected assets. Review system and application logs for any evidence of exploitation attempts or indicators of compromise.

Compensating Controls: If immediate patching is not feasible, apply compensating controls to reduce the risk of exploitation. Implement strict network segmentation to isolate vulnerable systems from the internet and other critical internal network segments. Use firewalls or Access Control Lists (ACLs) to restrict access to the affected SDP service to only trusted hosts. Deploy a Network Intrusion Prevention System (NIPS) with virtual patching capabilities to detect and block known exploit signatures for this vulnerability.

Public Exploit Available: False (as of Aug 26, 2025)

Given the critical CVSS score of 9.8 and the risk of unauthenticated remote code execution, this vulnerability requires immediate attention. We strongly recommend that organizations identify all affected assets and apply the vendor-supplied patches on an emergency basis. If patching must be delayed, the compensating controls outlined above should be implemented immediately to mitigate the risk. This vulnerability should be treated as a top priority for remediation, as its characteristics make it an attractive target for threat actors.