CVE Catalog

CVE-2025-69515

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.47%

37th percentile — higher than 37% of all known CVEs

Summary

A vulnerability in the Android system of the JXL 9 Inch Car Android Double Din Player version 12.0 allows an attacker to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location.

Risk Assessment

The risk is that an attacker can manipulate the vehicle's location, potentially affecting navigation apps, safety systems, or other GPS-dependent functions, leading to incorrect routes or false alerts.

Recommendation

It is recommended to update the radio firmware to the latest version if a patch is available from the manufacturer, and to implement GPS signal authentication mechanisms such as filtering or cross-referencing with other location sources.

Original NVD description (English source)

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS