CVE-2024-2105 MEDIUM

CVE-2024-2105: JBL: Improper validation of ICM field in connection requests

Vendor Jbl
Product Flip 5
Weakness CWE-1287
Published December 10, 2025
Last update December 10, 2025

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.

Key dates

02Disclosure timeline

December 10, 2025 CVE published
December 10, 2025 Record updated

Related vulnerabilities

04Related CVE