{"api_version":"1","generated_at":"2026-04-24T07:51:23+00:00","cve":"CVE-2025-69515","urls":{"html":"https://cve.report/CVE-2025-69515","api":"https://cve.report/api/cve/CVE-2025-69515.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-69515","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-69515"},"summary":{"title":"CVE-2025-69515","description":"An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location.","state":"PUBLISHED","assigner":"mitre","published_at":"2026-04-07 20:16:22","updated_at":"2026-04-09 15:16:08"},"problem_types":["CWE-941","n/a","CWE-941 CWE-941 Incorrectly Specified Destination in a Communication Channel"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"9.1","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"9.1","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://github.com/thorat-shubham/JXL_Infotainment_CVE-2025-69515/blob/main/README.md","name":"https://github.com/thorat-shubham/JXL_Infotainment_CVE-2025-69515/blob/main/README.md","refsource":"cve@mitre.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://jxl.com","name":"http://jxl.com","refsource":"cve@mitre.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-69515","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69515","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"69515","cve":"CVE-2025-69515","epss":"0.000510000","percentile":"0.157400000","score_date":"2026-04-15","updated_at":"2026-04-16 00:13:57"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2025-69515","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-04-09T14:14:00.577101Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-941","description":"CWE-941 Incorrectly Specified Destination in a Communication Channel","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-09T14:19:30.744Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2026-04-07T19:06:44.223Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"url":"http://jxl.com"},{"url":"https://github.com/thorat-shubham/JXL_Infotainment_CVE-2025-69515/blob/main/README.md"}]}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2025-69515","datePublished":"2026-04-07T00:00:00.000Z","dateReserved":"2026-01-09T00:00:00.000Z","dateUpdated":"2026-04-09T14:19:30.744Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-07 20:16:22","lastModifiedDate":"2026-04-09 15:16:08","problem_types":["CWE-941","n/a","CWE-941 CWE-941 Incorrectly Specified Destination in a Communication Channel"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"69515","Ordinal":"1","Title":"CVE-2025-69515","CVE":"CVE-2025-69515","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"69515","Ordinal":"1","NoteData":"An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location.","Type":"Description","Title":"CVE-2025-69515"}]}}}