CVE-2015-7645

ENISA EUVD: EUVD-2015-7548 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 2 articles

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

85.17%

probability

This CVE has a 85.17% probability of being exploited in the next 30 days.

0% Top 99.4th percentile of all CVEs 100%

CVSS v3.1

Source: NVD

7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Project Zero

Type confusion in IExternalizable.writeExternal

Affected Products

Google Project Zero

Discovered

Oct. 13, 2015

Patched

Oct. 16, 2015

Reported by

Peter Pi of Trend Micro, Natalie Silvanovich of Google Project Zero

Root Cause Analysis

???

Adobe Addresses 0-Day Vulnerability in Flash

Qualys Oct 16, 2015

Emergency Patch released for Latest Flash Zero-Day Vulnerability

TheHackerNews

Signal Intelligence

Confidenceⓘ

95%

EPSS 85.17%

CVSS v3.1 7.8

Mentions 2

Last Seen Oct 16, 2015

CNA Information

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Threat Actors 2

Leviathan

apt_group Information theft and espionage 🇨🇳 CN

RANCOR

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 05, 2026