目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1310

100%
请我们喝杯咖啡

CVE-2025-48593 PoC — Google Android 安全漏洞

来源
https://github.com/daiens/CVE-2025-48593
关联漏洞
标题:Google Android 安全漏洞 (CVE-2025-48593)
Description:Google Android是美国谷歌(Google)公司的一套以Linux为基础的开源操作系统。 Google Android存在安全漏洞,该漏洞源于bta_hf_client_main.cc中的释放后重用,可能导致远程代码执行。
Description
CVE-2025-48593 Zero-Click RCE in Android System (POC SRC AVAILABLE)
介绍
⚠️ CRITICAL ⚠️
Zero-Click RCE in Android System 

CVE-2025-48593
https://t.me/ReverseTricks

My telegram: https://t.me/SvartNett



One single packet can take control your device!!!

This is the very first POC of 'CVE-2025-48593' to be publicly available.

Developed on: Windows 10 / Windows 11

Vulnerability Summary:

This vulnerability is a critical zero-click remote code execution (RCE) flaw in core components of the Android operating system.
An unauthenticated attacker on the same network can exploit this issue by sending a specially crafted packet to a target device, requiring no interaction from the user.

Attribute Details:

CVE ID: CVE-2025-48593
Severity: Critical  9.8 (Estimated CVSS) 


Attack Vector:

- Network (Remote)
- User Interaction❌ None Required (Zero-Click)
- Privileges❌ None Required


🛡️ Affected Systems
This vulnerability affects most recent Android versions. 
Devices are considered vulnerable if they are running a security patch level before November 2025.
Android 13
Android 14
Android 15
Android 16 & (Pre-release and official builds)

Devices that have successfully installed the November 2025 Android Security Update (patch level 2025-11-01 or 2025-11-05) are protected.
⚡ Technical Analysis
The root cause is a classic buffer overflow in a system service that processes incoming network packets.
The vulnerable component fails to properly validate the size of an incoming packet's payload before copying it into a fixed-size buffer in the system's memory.
An attacker can send a packet with a payload larger than the buffer's capacity, overflowing it and overwriting adjacent memory.
This memory corruption can be leveraged to divert the system's execution flow and run arbitrary code with elevated privileges.


🛑 Immediate Mitigation & User Actions
All users and administrators should take these steps immediately.
1. For All Users
2. Your first priority is to apply the security patch.
3. Update Your Device!
4. Verify That You Are on the Newest version of Android!

Official Resources
Android Security Bulletin: source.android.com/security/bulletinNVD
Entry: nvd.nist.gov/vuln/detail/CVE-2025-48593AOSP
Patch (Technical): Search the Android Git for changes related to CVE-2025-48593.
Related: This month's bulletin also includes CVE-2025-48581 (High, EoP), which is patched in the same update.
文件快照

登录后查看神龙缓存的 POC 文件快照

登录查看
备注
    1. 建议优先通过来源进行访问。
    2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
    3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →