Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-48593 PoC — Google Android 安全漏洞

Source
https://github.com/daiens/CVE-2025-48593
Associated Vulnerability
Title:Google Android 安全漏洞 (CVE-2025-48593)
Description:In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Description
CVE-2025-48593 Zero-Click RCE in Android System (POC SRC AVAILABLE)
Readme
⚠️ CRITICAL ⚠️
Zero-Click RCE in Android System 

CVE-2025-48593
https://t.me/ReverseTricks

My telegram: https://t.me/SvartNett



One single packet can take control your device!!!

This is the very first POC of 'CVE-2025-48593' to be publicly available.

Developed on: Windows 10 / Windows 11

Vulnerability Summary:

This vulnerability is a critical zero-click remote code execution (RCE) flaw in core components of the Android operating system.
An unauthenticated attacker on the same network can exploit this issue by sending a specially crafted packet to a target device, requiring no interaction from the user.

Attribute Details:

CVE ID: CVE-2025-48593
Severity: Critical  9.8 (Estimated CVSS) 


Attack Vector:

- Network (Remote)
- User Interaction❌ None Required (Zero-Click)
- Privileges❌ None Required


🛡️ Affected Systems
This vulnerability affects most recent Android versions. 
Devices are considered vulnerable if they are running a security patch level before November 2025.
Android 13
Android 14
Android 15
Android 16 & (Pre-release and official builds)

Devices that have successfully installed the November 2025 Android Security Update (patch level 2025-11-01 or 2025-11-05) are protected.
⚡ Technical Analysis
The root cause is a classic buffer overflow in a system service that processes incoming network packets.
The vulnerable component fails to properly validate the size of an incoming packet's payload before copying it into a fixed-size buffer in the system's memory.
An attacker can send a packet with a payload larger than the buffer's capacity, overflowing it and overwriting adjacent memory.
This memory corruption can be leveraged to divert the system's execution flow and run arbitrary code with elevated privileges.


🛑 Immediate Mitigation & User Actions
All users and administrators should take these steps immediately.
1. For All Users
2. Your first priority is to apply the security patch.
3. Update Your Device!
4. Verify That You Are on the Newest version of Android!

Official Resources
Android Security Bulletin: source.android.com/security/bulletinNVD
Entry: nvd.nist.gov/vuln/detail/CVE-2025-48593AOSP
Patch (Technical): Search the Android Git for changes related to CVE-2025-48593.
Related: This month's bulletin also includes CVE-2025-48581 (High, EoP), which is patched in the same update.
File Snapshot

 [4.0K]  /data/pocs/103fd0ec2f6eed8c2d014ee9d54024922dbecda4
├── [4.3K]  adbapis.py
├── [ 19M]  Android 0day-click Nov 2025.zip
├── [5.2K]  apk_builder.py
├── [  92]  apktool.bat
├── [2.5M]  apktool.jar
├── [ 255]  fixdelsoon.py
├── [ 12K]  main.py
├── [ 19M]  mali.apk
├── [2.3K]  README.md
└── [2.6K]  README.MD

0 directories, 10 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →