← Back

CVE-2025-5820

nvd nist
Published: Jun 21, 2025Modified: Jul 8, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of Bluetooth ERTM channel communication. The issue results from improper channel data initialization. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26285.

Affected (1)

Sony
1 product
Xav Ax8500 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Xav Ax8500 Firmware
From 2.00.1 to 3.02.00
Running on/withPlatform Versions
Sony
Xav Ax8500
All versions

Related CWEs

CWE-288
Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (2)

Source: zdi-disclosures@trendmicro.com
Patch
Source: zdi-disclosures@trendmicro.com
Third Party Advisory

Timeline

No history available yet.