CVE-2025-0079: 
NixOS vulnerability analysis and mitigation

CVE-2025-0079 is a security vulnerability in Android's Bluetooth implementation affecting multiple Android versions (12.0 through 15.0). The vulnerability was discovered and disclosed on August 26, 2025, involving a logic error in the code that could potentially leave avdtp and avctp channels unencrypted (NVD, AttackerKB).

The vulnerability stems from a logic error in the code that affects the encryption of avdtp (Audio/Video Distribution Transport Protocol) and avctp (Audio/Video Control Transport Protocol) channels. It has been assigned a CVSS v3.1 base score of 7.8 (HIGH), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-250 (Execution with Unnecessary Privileges) (NVD).

The vulnerability could lead to local escalation of privilege with user execution privileges. The impact is considered high for confidentiality, integrity, and availability. No user interaction is required for exploitation, making it a significant security concern for affected Android devices (AttackerKB).

Google has addressed this vulnerability by implementing encrypted links for avdtp and avctp channels. The fix was backported from AOSP changes and is included in the March 2025 security update. Users of affected Android versions should update their devices to the latest security patch level (Android Git).