{"id":69799,"date":"2025-09-01T20:21:54","date_gmt":"2025-09-01T20:21:54","guid":{"rendered":""},"modified":"2025-10-04T00:32:21","modified_gmt":"2025-10-04T06:32:21","slug":"cve-2025-0075-arbitrary-code-execution-vulnerability-in-sdp-server","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-0075-arbitrary-code-execution-vulnerability-in-sdp-server\/","title":{"rendered":"CVE-2025-0075: Arbitrary Code Execution Vulnerability in SDP Server<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The cybersecurity world is under the constant threat of vulnerabilities, and a new one has surfaced with the identification number CVE-2025-0075. This high-risk vulnerability resides in the sdp_server.cc’s process_service_search_attr_req, providing malicious actors with a possible way to execute arbitrary code. The severity of this vulnerability is alarming, as it can be exploited without any additional execution privileges<\/a> or user interaction. This makes it a serious threat to any system that utilizes this software<\/a> component.
\nIt is critically important to understand and address this vulnerability because of its potential<\/a> to allow remote code execution, which could lead to system compromise or data leakage. This vulnerability is a stark reminder of the importance of diligent and ongoing vulnerability management<\/a>.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-0075
\nSeverity: Critical (9.8 CVSS score)
\nAttack Vector: Remote
\nPrivileges Required: None
\nUser Interaction: Not required
\nImpact: Remote code<\/a> execution, potential system compromise, and data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n