A critical vulnerability, identified as CVE-2025-22435, has been discovered in multiple products from the vendor "In". This flaw, caused by a type confusion error, can lead to memory corruption and allows a previously paired device to escalate its privileges, potentially gaining full control of the affected system without requiring any user interaction.

The vulnerability exists within the avdt_msg_ind function of the avdt_msg.cc source file, which is likely related to the Bluetooth A2DP (Advanced Audio Distribution Profile) stack. A type confusion error allows a remote attacker, using a device that is already paired with the target system, to send a specially crafted message. This message is improperly handled by the system, leading to memory corruption, which can be leveraged by the attacker to execute arbitrary code and escalate their privileges to the highest level on the device.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could grant an attacker complete control over the affected device, leading to severe consequences for the organization. These consequences include the theft of sensitive corporate or personal data, unauthorized modification of critical information, deployment of ransomware, and complete disruption of the device's availability. Given that the attack can be launched from a paired device, it poses a significant risk to systems where Bluetooth pairing is common, such as mobile devices, laptops, and IoT endpoints within the corporate environment.

Immediate Action: The primary remediation is to apply the security patches provided by the vendor. System administrators should immediately identify all affected assets and update "In Multiple Products" to the latest version. Refer to the official vendor security advisory for specific patch details and instructions.

Proactive Monitoring: Security teams should actively monitor for any signs of exploitation. This includes analyzing Bluetooth traffic for malformed or anomalous packets, reviewing system and application crash logs for entries related to the affected components, and monitoring for any unexpected privilege escalation events or unauthorized processes on endpoints.

Compensating Controls: If immediate patching is not feasible, consider implementing the following controls to reduce risk:

• Disable Bluetooth on all vulnerable devices where it is not a business-critical function.
• Enforce a strict device pairing policy, allowing connections only from fully trusted and vetted devices.
• Implement network segmentation to isolate vulnerable devices and prevent potential lateral movement in the event of a compromise.
• Ensure Endpoint Detection and Response (EDR) solutions are deployed and configured to detect and block anomalous behavior resulting from memory corruption exploits.

Public Exploit Available: false

Due to the critical severity (CVSS 9.8) of this vulnerability and the potential for a complete system compromise, immediate remediation is strongly recommended. Although this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its high impact score signifies a significant and immediate risk to the organization. Organizations should prioritize applying the vendor-supplied patches to all affected systems without delay to prevent potential exploitation.