9.6

CVE-2025-69969

Exploit

EPSS 0.04%
Veröffentlicht 04.03.2026 00:00:00
Zuletzt bearbeitet 09.03.2026 17:26:47
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pebblepower ≫ Pebble Prism Ultra Firmware Version < 2.5.8

Pebblepower ≫ Pebble Prism Ultra Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.126

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.6	2.8	6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://github.com/mukundbhuva/BLEached-Security

Third Party Advisory

Exploit

https://github.com/mukundbhuva/BLEached-Security/security/advisories/GHSA-cp6q-87g8-mq77

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-69969

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-69969

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-69969

EUVD