CVE-2025-32875
Awaiting Analysis
BaseFortify

Publication date: 2025-06-20

Last updated on: 2025-06-23

Assigner: MITRE

Description
An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing attackers within Bluetooth range to eavesdrop on the communication. Furthermore, even if a user manually initiates pairing and bonding in the Android settings, the application continues to transmit data without requiring the watch to be bonded. This fallback behavior enables attackers to exploit the communication, for example, by conducting an active machine-in-the-middle attack.
Meta Information

Published: 2025-06-20

Last Modified: 2025-06-23

Generated: 2026-05-07

AI Q&A: 2025-06-20

EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Currently, no data is known.
CWE ID: Description

CWE-311: The product does not encrypt sensitive or critical information before storage or transmission.

CWE-287: When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in the COROS application and COROS PACE 3 watch involves the lack of enforced Bluetooth pairing and bonding. This means that data transmitted over Bluetooth Low Energy (BLE) between the watch and the Android app is sent unencrypted (in cleartext). Even if a user manually pairs the devices, the app still transmits data without requiring the watch to be bonded, allowing attackers within Bluetooth range to eavesdrop on or actively manipulate the communication. Attackers can perform man-in-the-middle attacks by impersonating the watch and preventing encryption, thus intercepting and altering sensitive data like API access tokens. [1]


How can this vulnerability impact me?

This vulnerability can expose sensitive user data and authentication tokens to attackers within Bluetooth range. Attackers can eavesdrop on the communication or actively manipulate the data exchanged between the watch and the app. This poses a high risk because the communication is unencrypted and can be intercepted or altered easily, potentially compromising user privacy and security. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sniffing Bluetooth Low Energy (BLE) traffic between the COROS PACE 3 watch and the COROS Android app to check for unencrypted data transmission. Tools such as MIRAGE, WHAD, and Sniffle can be used to capture BLE traffic and identify whether sensitive data such as API access tokens is transmitted in plaintext. Specific commands depend on the tool used; with Sniffle, for example, you can scan for and capture BLE packets within range and then analyze the communication for lack of encryption. [1]


What immediate steps should I take to mitigate this vulnerability?

As of the advisory date, no fix has been released for this vulnerability. Immediate mitigation steps include minimizing the use of the COROS app and watch in environments where attackers could be within Bluetooth range, disabling Bluetooth when not in use, and avoiding transmitting sensitive data over BLE with these devices. Monitoring for updates from COROS Wearables, Inc. and applying any patches or updates once available is also recommended. [1]

