8.8

CVE-2025-5820

EPSS 0.02%
Veröffentlicht 21.06.2025 00:09:44
Zuletzt bearbeitet 08.07.2025 14:28:29
Quelle zdi-disclosures@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of Bluetooth ERTM channel communication. The issue results from improper channel data initialization. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26285.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sony ≫ Xav-ax8500 Firmware Version >= 2.00.1 < 3.02.00

Sony ≫ Xav-ax8500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.032

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
zdi-disclosures@trendmicro.com	6.3	2.8	3.4	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092

Patch

https://www.zerodayinitiative.com/advisories/ZDI-25-358/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-5820

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-5820

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-5820

EUVD