Home > Vulnerability Database > CVE-2023-21125

Mend.io Vulnerability Database

CVE-2023-21125

Date: August 26, 2025

In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

Severity Score

8.0

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-21125

Url: https://android.googlesource.com/platform/system/bt/+/e7b978841deb331ff5e5849388fa92ee4c40f979

Url: https://source.android.com/security/bulletin/2025-03-01

Url: https://www.mend.io/vulnerability-database/CVE-2023-21125

Severity Score

8.0

Weakness Type (CWE)

Use After Free

CWE-416

CVSS v3.1

Base Score:	8.0
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-21125

Date: August 26, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?