How to fix CVE-2025-63896?

Within 24 hours: Inventory all affected JXL 9 Inch Car Android Double Din Player units in use and identify deployment locations. Within 7 days: Implement Bluetooth pairing restrictions and disable Bluetooth HID if not operationally required; communicate risk advisory to all users and fleet managers. Within 30 days: Monitor vendor communications for security patches; evaluate replacement or hardware retrofit options if available; document all remediation steps for compliance records.

Is Jxl 9 Inch Car Android Double Din Player Firmware affected by CVE-2025-63896?

A HIGH severity vulnerability in automotive infotainment systems (JXL 9 Inch Car Android Double Din Players) allows attackers to inject arbitrary keystrokes through spoofed Bluetooth connections, potentially enabling vehicle control manipulation, data theft, or system compromise.

CVE-2025-63896

EUVD-2025-201273 HIGH

2025-12-04 [email protected]

7.6

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201273

PoC Detected

Jan 22, 2026 - 15:16 vuln.today

Public exploit code

CVE Published

Dec 04, 2025 - 21:16 nvd

HIGH 7.6

Description

An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device.

Analysis

An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device.

Technical Context

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Missing Authentication for Critical Function (CWE-306).

Affected Products

Affected products: Jxlindia Jxl 9 Inch Car Android Double Din Player Firmware 12.0

Remediation

Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: +20

CVE-2025-63896 vulnerability details – vuln.today

Back

CVE-2025-63896

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-63896

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code