CVE-2025-63896: An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch Car Android Double Din Player Android...
An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device.
Security readout for executives and security teams
Plain-English summary
CVE-2025-63896 describes a Bluetooth weakness in a JXL 9 Inch Car Android Double Din Player running Android v12.0. A nearby attacker could impersonate a Bluetooth keyboard-like device and send keystrokes to the unit without authentication. This could change settings, open apps, or affect infotainment availability depending on device state.
Executive priority
Treat as a targeted, proximity-based risk to affected vehicle infotainment systems, not an internet-scale emergency. Prioritize inventory and vendor follow-up for fleets using the named JXL unit, especially where infotainment tampering could create operational, privacy, or safety-adjacent concerns.
Technical view
The CVE reports Bluetooth HID keystroke injection via a spoofed HID device. CVSS 3.1 is 7.6 High: adjacent network, low complexity, no privileges, no user interaction, with high integrity impact. It is mapped to CWE-306, missing authentication for a critical function. Formal affected product metadata is incomplete in the CVE record.
Likely exposure
Exposure is limited to vehicles or bench systems using the specific JXL 9 Inch Car Android Double Din Player Android v12.0 described by the CVE. Attackers must be within Bluetooth range. Broader Android or automotive infotainment exposure is not supported by the provided sources.
Exploitation context
The CVE is not listed in KEV, and the provided sources do not state active exploitation. The attack requires proximity and Bluetooth interaction, but no prior device privileges or user interaction per CVSS. Public reference material exists, so vulnerability managers should assume motivated researchers can understand the issue.
Researcher notes
Key uncertainty is product identification: the narrative names a JXL 9 Inch Car Android Double Din Player Android v12.0, while structured affected fields are n/a. Do not generalize to other JXL or Android head units without evidence. No patch, advisory, or active exploitation claim is provided in the source bundle.
Mitigation direction
Identify whether any deployed vehicles or lab units use the named JXL Android v12.0 player.
Check the vendor or supplier for firmware updates or Bluetooth security guidance.
Disable Bluetooth HID pairing or Bluetooth entirely where operationally acceptable.
Restrict physical proximity to affected vehicles or test benches in sensitive environments.
Avoid pairing unknown Bluetooth devices with the infotainment unit.
Validation and detection
Inventory infotainment model, Android version, and firmware build from device settings or procurement records.
Review Bluetooth settings for unexpected paired HID devices.
Confirm whether Bluetooth HID input is required for business operations.
Check CVE Program and referenced GitHub page for updated affected-version or remediation details.
Document compensating controls if no vendor fix is available.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-306: Credential and account abuse lookup
Authentication and credential weaknesses can make valid-account abuse and credential telemetry useful review starting points. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-306 · source CWE mapping
Missing Authentication for Critical Function
Missing Authentication for Critical Function represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.