CVE-2025-41657 MEDIUM

CVE-2025-41657: AUMA: Incorrect delivery status of the Bluetooth configuration

Vendor Auma
Product AC1.2
Weakness CWE-207
Published June 10, 2025
Last update June 10, 2025

CVSS base score

4.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker.

Key dates

02Disclosure timeline

June 10, 2025 CVE published
June 10, 2025 Record updated