CVE-2025-5820 MEDIUM

CVE-2025-5820: Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability

Vendor Sony
Product XAV-AX8500
Weakness CWE-288
Published June 21, 2025
Last update June 23, 2025

CVSS base score

6.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of Bluetooth ERTM channel communication. The issue results from improper channel data initialization. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26285.

Key dates

02 Disclosure timeline

June 21, 2025 CVE published
June 23, 2025 Record updated