← Back

CVE-2025-5476

nvd nist
Published: Jun 21, 2025Modified: Jul 8, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284.

Affected (1)

Sony
1 product
Xav Ax8500 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Xav Ax8500 Firmware
From 2.00.01 to 3.02.00
Running on/withPlatform Versions
Sony
Xav Ax8500
All versions

Related CWEs

CWE-653
Improper Isolation or Compartmentalization
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

References (2)

Source: zdi-disclosures@trendmicro.com
Patch
Source: zdi-disclosures@trendmicro.com
Third Party Advisory

Timeline

No history available yet.