CVE-2025-32879
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-20

Last updated on: 2025-07-08

Assigner: MITRE

Description
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to connect with the device via BLE if no other device is connected. While connected, none of the BLE services and characteristics of the device require any authentication or security level. Therefore, any characteristic, depending on their mode of operation (read/write/notify), can be used by the connected attacker. This allows, for example, configuring the device, sending notifications, resetting the device to factory settings, or installing software.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-20
Last Modified
2025-07-08
Generated
2026-05-07
AI Q&A
2025-06-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-32879
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
yftech coros_pace_3_firmware to 3.0808.0 (inc)
yftech coros_pace_3 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in COROS PACE 3 devices up to firmware version 3.0808.0 allows an attacker to connect to the device via Bluetooth Low Energy (BLE) when no other device is connected. The device advertises itself openly in this state. Once connected, the attacker can access all BLE services and characteristics without any authentication or security checks. This means the attacker can read or write any data, enabling actions such as configuring the device, sending notifications, resetting it to factory settings, or installing software. [1]


How can this vulnerability impact me? :

This vulnerability can allow an attacker within Bluetooth range to take full control of your COROS PACE 3 device without your permission. They could change device settings, send unauthorized notifications, reset the device to factory defaults, or install potentially malicious software. This compromises the security and integrity of your device and any data it holds or processes. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by scanning for BLE advertising from COROS PACE 3 devices when no other device is connected. Using standard BLE tools like 'gatttool' or BLE scanning utilities, you can check if the device is advertising and allows connections without authentication. For example, using 'gatttool' to connect and attempt to read or write to BLE characteristics can confirm the vulnerability. Specific commands include writing hex values to characteristic handles to test for unauthorized control, such as factory reset commands or toggling settings. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding leaving the COROS PACE 3 device in a state where it is advertising and unconnected via BLE, as this allows unauthorized connections. Limit physical access to the device to prevent attackers from connecting via BLE. Since no fix is currently available, monitor for firmware updates from the manufacturer expected by the end of 2025 and apply them promptly once released. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart