CVE Catalog

CVE-2025-48571

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile — higher than 7% of all known CVEs

Summary

In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed.

Risk Assessment

The organization may be exposed to the disclosure of sensitive information, potentially leading to privacy violations for users. User interaction is needed for exploitation.

Recommendation

It is recommended to review and fix the code in btm_sec.cc to eliminate logic errors and implement additional safeguards to protect against SMS message interception.

Original NVD description (English source)

In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS