CVE-2025-63896

Severity: 7.6 HIGH

📋 TL;DR

This vulnerability allows attackers to inject arbitrary keystrokes into JXL 9 Inch Car Android Double Din Player devices by spoofing a Bluetooth HID device. Attackers can simulate keyboard input to potentially control the infotainment system. This affects users of the specific JXL car Android device running Android v12.0.

💻 Affected Systems

Products:
  • JXL 9 Inch Car Android Double Din Player
Versions: Android v12.0
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific JXL car infotainment device model. Requires Bluetooth to be enabled and in discoverable/pairable mode.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could take full control of the infotainment system, access navigation data, make unauthorized calls, manipulate media, or potentially access connected smartphone data via the compromised device.

🟠 Likely Case

Attackers could inject keystrokes to open malicious apps, change settings, or access personal information stored on the device.

🟢 If Mitigated

With Bluetooth disabled or proper pairing controls, the attack surface is significantly reduced to physical proximity attacks only.

🌐 Internet-Facing: LOW - The vulnerability requires Bluetooth proximity and cannot be exploited over the internet.
🏢 Internal Only: MEDIUM - Attackers within Bluetooth range (typically up to 10 meters) can exploit this without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires Bluetooth proximity and spoofing a HID device, which can be done with readily available tools like Bluetooth adapters and software.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://jxl.com

Restart Required: No

Instructions:

No official patch available. Monitor vendor website for firmware updates.

🔧 Temporary Workarounds

Disable Bluetooth when not in use
Applies to: all
Turn off Bluetooth functionality to prevent HID device pairing attempts.
Navigate to Settings > Bluetooth > Toggle Bluetooth OFF

Enable Bluetooth pairing restrictions
Applies to: all
Set Bluetooth to non-discoverable mode and require manual confirmation for pairing.
Navigate to Settings > Bluetooth > Visibility > Set to 'Hidden' or 'Non-discoverable'

🧯 If You Can't Patch

  • Physically secure the vehicle when parked to prevent proximity attacks
  • Regularly monitor for suspicious Bluetooth pairing attempts or unexpected device behavior

🔍 How to Verify

Check if Vulnerable:

Check device model and Android version in Settings > About Device. If it matches affected products/versions and Bluetooth is enabled, the device is vulnerable.

Check Version:

Navigate to Settings > About Device > Android Version

Verify Fix Applied:

No official fix available to verify. Workarounds can be verified by confirming Bluetooth is disabled or in non-discoverable mode.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Bluetooth pairing events
  • Unfamiliar Bluetooth device names in pairing history
  • Unexpected keystroke inputs in system logs

Network Indicators:

  • Bluetooth connection attempts from unknown MAC addresses
  • HID profile connections from unauthorized devices

SIEM Query:

Not applicable - this is a Bluetooth-based attack not typically monitored by network SIEM systems.
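The pairing and HID indicators listed above can still be checked against exported device logs even without a SIEM. This is an added example, not part of the advisory or the vendor's tooling: it scans constructed, logcat-style lines (the line format, tag names and MAC addresses are assumptions made for the example, not the device's real log output) for pairing and HID-host connections from addresses outside an owner-maintained allowlist, and flags addresses that show both.

```python
import re

# Constructed, logcat-style sample lines. The format, tags and MAC addresses
# are assumptions for this example, not the device's actual log output.
SAMPLE_LOG = """\
01-15 08:02:11.120  1201  1320 I BluetoothAdapter: pairing state BONDED addr=AA:BB:CC:11:22:33 name=MyPhone
01-15 08:02:13.004  1201  1320 I BluetoothProfile: HID_HOST connected addr=AA:BB:CC:11:22:33
01-15 08:41:52.310  1201  1320 I BluetoothAdapter: pairing state BONDED addr=DE:AD:BE:EF:00:01 name=Keyboard
01-15 08:41:53.881  1201  1320 I BluetoothProfile: HID_HOST connected addr=DE:AD:BE:EF:00:01
01-15 08:41:55.002  1201  1320 D InputDispatcher: key event from Keyboard
"""

# Allowlist of addresses the owner deliberately paired (placeholder value).
KNOWN_DEVICES = {"AA:BB:CC:11:22:33"}

LINE_RE = re.compile(
    r"^(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+\d+\s+\d+\s+[A-Z]\s+"
    r"(?P<tag>\w+):\s+(?P<msg>.*)$"
)
ADDR_RE = re.compile(r"addr=(?P<addr>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")


def find_hid_findings(log_text, known_devices):
    """Return (addr, kind) tuples for pairing or HID events from non-allowlisted addresses."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a log line in the assumed format
        a = ADDR_RE.search(m["msg"])
        if not a:
            continue  # event carries no Bluetooth address
        addr = a["addr"].upper()
        if addr in known_devices:
            continue  # owner-approved device, nothing to report
        if m["tag"] == "BluetoothAdapter" and "BONDED" in m["msg"]:
            findings.append((addr, "unexpected_pairing"))
        elif m["tag"] == "BluetoothProfile" and "HID_HOST connected" in m["msg"]:
            findings.append((addr, "hid_connection"))
    return findings


def high_risk_addresses(findings):
    """Addresses that both paired unexpectedly and opened a HID connection."""
    kinds = {}
    for addr, kind in findings:
        kinds.setdefault(addr, set()).add(kind)
    required = {"unexpected_pairing", "hid_connection"}
    return sorted(addr for addr, k in kinds.items() if required <= k)


if __name__ == "__main__":
    found = find_hid_findings(SAMPLE_LOG, KNOWN_DEVICES)
    print(found, high_risk_addresses(found))
```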
