CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Description
An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location.
Analysis
GPS spoofing vulnerability in JXL 9 Inch Car Android Double Din Player (Android 12.0) allows unauthenticated remote attackers to inject falsified GPS signals that the infotainment system accepts as legitimate, forcing incorrect or static location reporting. Exploitation requires no user interaction and achieves high integrity and availability impact through manipulation of navigation data. No public exploit identified at time of analysis. CVSS 9.1 reflects network-accessible attack vector with low complexity.
Technical Context
Root cause is insufficient GPS signal validation (CWE-941 is incorrectly matched; the actual weakness is improper input validation of GNSS data). Device fails to authenticate or verify cryptographic integrity of GPS position data streams, enabling injection of malicious NMEA sentences or spoofed satellite signals. Android 12.0 implementation lacks anti-spoofing mechanisms such as signal strength analysis or multi-source correlation.
Affected Products
JXL 9 Inch Car Android Double Din Player running Android 12.0. Vendor and specific firmware version details unavailable. No CPE identifier provided beyond placeholder entry.
Remediation
No vendor-released patch identified at time of analysis. Primary vendor advisory channel (http://jxl.com) should be consulted for firmware updates addressing GPS signal authentication. Interim mitigations: disable automatic GPS-based features in infotainment settings, use smartphone-based navigation as independent reference, implement physical anti-spoofing hardware filters if available for aftermarket installation. Fleet operators should monitor for anomalous location jumps via telematics platforms. Detailed vulnerability analysis available at https://github.com/thorat-shubham/JXL_Infotainment_CVE-2025-69515/blob/main/README.md. Contact JXL support directly to request patched firmware or schedule hardware replacement if vulnerability affects critical navigation-dependent systems. Official NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-69515
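The telematics-side monitoring suggested above can be sketched as a plausibility check over successive fixes. This is an added example, not code from the advisory, the vendor, or the linked repository; the record layout, the thresholds, and the use of wheel speed as an independent source are assumptions.

```python
import math

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS-84 points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

def flag_fixes(fixes, max_kmh=250.0, static_eps_m=2.0, moving_kmh=10.0, static_run=3):
    """Return [(index, reason)] for fixes that look falsified.

    fixes: list of (unix_time_s, lat, lon, wheel_speed_kmh). The wheel speed is
    an assumed independent source (e.g. CAN/OBD), not the GNSS receiver.
    """
    alerts, frozen = [], 0
    for i in range(1, len(fixes)):
        t0, lat0, lon0, _ = fixes[i - 1]
        t1, lat1, lon1, wheel_kmh = fixes[i]
        dt = t1 - t0
        if dt <= 0:                      # replayed or reordered fix
            alerts.append((i, "non-monotonic timestamp"))
            frozen = 0
            continue
        dist = haversine_m(lat0, lon0, lat1, lon1)
        if dist / dt * 3.6 > max_kmh:    # physically implausible movement
            alerts.append((i, "location jump"))
            frozen = 0
        elif dist < static_eps_m and wheel_kmh >= moving_kmh:
            frozen += 1                  # position frozen while the car moves
            if frozen == static_run:
                alerts.append((i, "static location while moving"))
        else:
            frozen = 0
    return alerts

# Constructed 1 Hz sample track: normal driving, a jump, then a frozen position.
SAMPLE = [
    (0, 18.52040, 73.85670, 40.0),
    (1, 18.52050, 73.85670, 40.0),
    (2, 18.52060, 73.85670, 40.0),
    (3, 19.07600, 72.87770, 40.0),
    (4, 19.07600, 72.87770, 40.0),
    (5, 19.07600, 72.87770, 40.0),
    (6, 19.07600, 72.87770, 40.0),
]

if __name__ == "__main__":
    for idx, reason in flag_fixes(SAMPLE):
        print(idx, reason)
```

A parked vehicle (wheel speed 0) with an unchanged position is not flagged; only a frozen position that contradicts the independent speed source is.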
EUVD-2025-209278