CVE-2024-29745
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 3, 2026
6 articles
EPSS Score
Source: FIRST.org · 2026-05-24
This CVE has a 0.21% probability of being exploited in the next 30 days.
Top 42.4th percentile of all CVEs
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE.
Description
Project Zero: Improper input validation within the bootloader
Attack Intelligence
Google Project Zero
Patched
April 2, 2024
Reported by
???
Root Cause Analysis
???
Google fixes two Pixel zero-day flaws exploited by forensics firms
BleepingComputer
Apr 03, 2024
Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products
TheHackerNews
Serbian police used Cellebrite zero-day hack to unlock Android phones
BleepingComputer
Feb 28, 2025
Google patches exploited Android zero-day on Pixel devices
BleepingComputer
Jun 12, 2024
Signal Intelligence
Confidence
92%
EPSS
0.21%
Mentions
6
Last Seen
Feb 28, 2025
CNA Information
Analyst Note
CVE-2024-29745 is confirmed as a legitimate zero-day vulnerability actively exploited by forensics firms against Pixel devices, as evidenced by Google Project Zero acknowledgment and multiple high-signal news reports from reputable sources. The vulnerability allows local information disclosure through uninitialized data without requiring user interaction or elevated privileges, making it a practical exploitation vector. High confidence is warranted despite the MEDIUM CVSS score due to real-world exploitation evidence and official patching by Google.
Threat Actors 3
RomCom
apt_group
Financial gain
🇷🇺 RU
Void Rabisu
apt_group
Financial gain
🇷🇺 RU
Red Dev 17
apt_group
🇨🇳 CN
Triage Info
Decided at: Mar 03, 2026