CVE-2025-0092

In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Configurations

No configuration.

History

27 Aug 2025, 14:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CWE CWE-356
CWE-345
Summary
  • (es) En handleBondStateChanged de AdapterService.java, existe una posible omisión de permisos debido a una interfaz de usuario engañosa o insuficiente. Esto podría provocar la divulgación de información remota (proximal/adyacente) sin necesidad de privilegios de ejecución adicionales. Se requiere la interacción del usuario para su explotación.

26 Aug 2025, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-26 23:15

Updated : 2025-08-29 16:22


NVD link : CVE-2025-0092

Mitre link : CVE-2025-0092

CVE.ORG link : CVE-2025-0092


JSON object : View

Products Affected

No product.

CWE
CWE-345

Insufficient Verification of Data Authenticity

CWE-356

Product UI does not Warn User of Unsafe Actions