CVE-2025-32877
BaseFortify

Publication date: 2025-06-20

Last updated on: 2025-07-08

Assigner: MITRE

Description
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which therefore allows machine-in-the-middle attacks. Furthermore, this lack of authentication allows attackers to interact with the device via BLE without requiring prior authorization.
Meta Information
Published: 2025-06-20
Last Modified: 2025-07-08
Generated: 2026-05-07
AI Q&A: 2025-06-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
yftech | coros_pace_3_firmware | to 3.0808.0 (inc)
yftech | coros_pace_3 | *
CWE
CWE ID | Description
CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-32877 is a vulnerability in the COROS PACE 3 smartwatch (up to version 3.0808.0) related to its Bluetooth Low Energy (BLE) pairing process. The device identifies itself as having no input or output capabilities, which causes it to use the "Just Works" pairing method. This method does not require authentication, allowing attackers to perform machine-in-the-middle (MITM) attacks. As a result, unauthorized attackers can connect to the device via BLE without prior authorization and potentially intercept or manipulate data. [1]


How can this vulnerability impact me?

This vulnerability allows attackers to connect to the COROS PACE 3 smartwatch without authorization via BLE, enabling them to intercept, manipulate, or spoof data communicated between the device and other BLE clients. This can lead to privacy breaches, data tampering, and unauthorized control or access to the device's functions. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring Bluetooth Low Energy (BLE) pairing processes involving COROS PACE 3 devices. Capturing the BLE pairing requests and responses with a tool like Wireshark can reveal the use of the "Just Works" pairing method, which is triggered by the device reporting its IO capability as "No Input, No Output" (0x03). BLE proxy or exploitation frameworks such as MIRAGE and WHAD can be used to simulate or detect unauthorized pairing attempts. In short, capturing BLE traffic and inspecting the IO capabilities exchanged during pairing can help identify the vulnerability. [1]
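The check described above, as an added example that is not part of the original page or of any tool it names: this Python parses the raw SMP Pairing Request and Pairing Response bytes exported from a capture and reports whether the exchange falls back to unauthenticated Just Works pairing. The function and class names are hypothetical, and the sample PDUs are constructed, not recorded from a COROS device.

```python
from dataclasses import dataclass

# SMP IO capability values (Bluetooth Core Specification, Security Manager).
IO_CAPS = {0x00: "DisplayOnly", 0x01: "DisplayYesNo", 0x02: "KeyboardOnly",
           0x03: "NoInputNoOutput", 0x04: "KeyboardDisplay"}
PAIRING_REQUEST, PAIRING_RESPONSE = 0x01, 0x02
AUTHREQ_MITM, AUTHREQ_SC = 0x04, 0x08   # bits in the AuthReq octet

@dataclass
class PairingPdu:
    code: int
    io_cap: int
    oob: bool
    mitm: bool
    secure_connections: bool

def parse_pairing_pdu(smp: bytes) -> PairingPdu:
    """Parse an SMP Pairing Request/Response (payload of L2CAP CID 0x0006)."""
    if len(smp) != 7:
        raise ValueError("pairing request/response PDUs are exactly 7 bytes")
    code, io_cap, oob, authreq = smp[0], smp[1], smp[2], smp[3]
    if code not in (PAIRING_REQUEST, PAIRING_RESPONSE):
        raise ValueError(f"not a pairing request/response: code 0x{code:02x}")
    if io_cap not in IO_CAPS:
        raise ValueError(f"reserved IO capability 0x{io_cap:02x}")
    return PairingPdu(code, io_cap, oob == 0x01,
                      bool(authreq & AUTHREQ_MITM), bool(authreq & AUTHREQ_SC))

def unauthenticated_pairing(req: PairingPdu, rsp: PairingPdu) -> bool:
    """True when the exchange must use Just Works.

    Narrowed to the case on this page: no OOB data on either side, and
    either nobody requested MITM protection or one side reports
    NoInputNoOutput. Other Just Works combinations are not covered.
    """
    if req.oob or rsp.oob:
        return False  # OOB pairing may apply; out of scope for this check
    no_mitm_requested = not (req.mitm or rsp.mitm)
    no_io_side = 0x03 in (req.io_cap, rsp.io_cap)
    return no_mitm_requested or no_io_side

# Constructed sample PDUs (hex), not captured traffic.
SAMPLE_REQ = bytes.fromhex("0104002d100f0f")   # central: KeyboardDisplay, MITM+SC
SAMPLE_RSP = bytes.fromhex("02030009100303")   # peripheral: NoInputNoOutput

if __name__ == "__main__":
    req, rsp = parse_pairing_pdu(SAMPLE_REQ), parse_pairing_pdu(SAMPLE_RSP)
    print(IO_CAPS[rsp.io_cap], "-> Just Works:", unauthenticated_pairing(req, rsp))
```

The sample shows that a central requesting MITM protection still ends up with Just Works once the peripheral answers with IO capability 0x03.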


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding pairing the COROS PACE 3 device with unknown or untrusted BLE clients, disabling Bluetooth on the device when not in use, and monitoring for unauthorized BLE connections. Since no fix has been released as of the disclosure date, users should be cautious about exposing the device to potentially malicious BLE environments. Additionally, keeping the device firmware updated and following manufacturer advisories for the planned fix expected by the end of 2025 is recommended. [1]

