{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-69515", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-09T14:19:30.744Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-04-07T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-07T19:06:44.223Z"}, "descriptions": [{"lang": "en", "value": "An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://jxl.com"}, {"url": "https://github.com/thorat-shubham/JXL_Infotainment_CVE-2025-69515/blob/main/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-941", "lang": "en", "description": "CWE-941 Incorrectly Specified Destination in a Communication Channel"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T14:14:00.577101Z", "id": "CVE-2025-69515", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T14:19:30.744Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-69515", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-09T14:14:00.577101Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-941", "description": "CWE-941 Incorrectly Specified Destination in a Communication Channel"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T14:17:35.690Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://jxl.com"}, {"url": "https://github.com/thorat-shubham/JXL_Infotainment_CVE-2025-69515/blob/main/README.md"}], "descriptions": [{"lang": "en", "value": "An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-07T19:06:44.223Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69515", "state": "PUBLISHED", "dateUpdated": "2026-04-09T14:19:30.744Z", "dateReserved": "2026-01-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-07T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location."}], "id": "CVE-2025-69515", "lastModified": "2026-04-09T15:16:08.863", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-07T20:16:22.950", "references": [{"source": "cve@mitre.org", "url": "http://jxl.com"}, {"source": "cve@mitre.org", "url": "https://github.com/thorat-shubham/JXL_Infotainment_CVE-2025-69515/blob/main/README.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-941"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "12.0"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 90.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "jxl_9_inch_car_android_double_din_player", "vendor": "jxlindia"}], "analysis": {"en": {"generated_at": "2026-04-07T22:12:06.215918+00:00", "value": {"mitigation_remediation": ["Verify the source of GPS data and configure the device to use authenticated or trusted location services.", "Check with the vendor for a patch or firmware update that addresses GPS validation.", "If a patch is unavailable, disable or restrict the device\u2019s ability to accept external GPS inputs.", "Monitor the system for unexpected location changes and log any anomalies."], "summary": {"action": "Assess Impact", "impact": "Location Spoofing (GPS data manipulation)"}, "threat_synthesis": {"affected_systems": "JXL 9 Inch Car Android Double Din Player running Android 12.0 is the affected product. No other vendor or version details are provided.", "description_and_impact": "The vulnerability allows an attacker to inject falsified GPS coordinates into the infotainment system, causing the device to believe it is at a different location. This incorrect or static location can undermine navigation, safety features, and other location\u2011dependent functions. The weakness arises from the system\u2019s failure to validate or authenticate external GPS data before accepting it as legitimate.", "risk_and_exploitability": "CVSS, EPSS, and KEV information are not available, indicating uncertainty about severity and exploitation likelihood. The likely attack vector is inferred: an attacker would need the ability to inject GPS signals, which could require physical proximity or network access that can tamper with the device\u2019s radio. If exploited, the attacker could manipulate the device\u2019s perceived location across the entire vehicle, posing moderate to high risk, especially in safety\u2011critical automotive contexts. The absence of an official remediation or workaround increases the urgency for users to consult the vendor or implement alternative safeguards."}}}}, "created": "2026-04-08T19:50:25.912623+00:00", "title": "GPS Spoofing Vulnerability in JXL 9\u2011Inch Car Android Double\u2011Din Player", "updated": "2026-04-09T08:24:35.593560+00:00", "vendors": ["jxlindia", "jxlindia$PRODUCT$jxl_9_inch_car_android_double_din_player"], "weaknesses": ["CWE-295"]}