CVE-2025-5475
BaseFortify

Publication date: 2025-06-21

Last updated on: 2025-07-08

Assigner: Zero Day Initiative

Description
Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Bluetooth packets. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the elysian-bt-service process. Was ZDI-CAN-26283.
Meta Information
Published: 2025-06-21
Last Modified: 2025-07-08
Generated: 2026-05-07
AI Q&A: 2025-06-21
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
sony | xav-ax8500_firmware | From 2.00.01 (inc) to 3.02.00 (exc)
sony | xav-ax8500 | *
CWE ID | Description
CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
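The CWE-190 pattern named above (a length calculation that wraps before a write to memory), shown as an added example next to its checked form. This is not Sony firmware code: the 8-byte header, the little-endian length field and all function names are hypothetical, chosen only to illustrate the bug class and its fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN 8u  /* constructed header size, not from any real protocol */

/* Unsafe pattern: the sum is truncated to 16 bits, so a declared length
 * near 0xFFFF wraps to a tiny total that would under-size a buffer. */
static uint16_t total_len_unchecked(uint16_t payload_len)
{
    return (uint16_t)(payload_len + HDR_LEN);
}

/* Checked form: refuse arithmetic that would wrap, and refuse a declared
 * length larger than the number of bytes actually received. */
static int total_len_checked(uint16_t payload_len, size_t received, uint16_t *out)
{
    if (payload_len > UINT16_MAX - HDR_LEN)
        return -1;                              /* would wrap */
    if ((size_t)payload_len + HDR_LEN > received)
        return -1;                              /* claims more than was sent */
    *out = (uint16_t)(payload_len + HDR_LEN);
    return 0;
}

/* Copy header + payload into a new buffer; NULL if the packet is rejected.
 * Constructed layout: little-endian payload length in bytes 0..1. */
static uint8_t *copy_packet(const uint8_t *pkt, size_t received, uint16_t *out_len)
{
    uint16_t payload_len, total;
    uint8_t *buf;
    if (received < HDR_LEN)
        return NULL;
    payload_len = (uint16_t)(pkt[0] | (pkt[1] << 8));
    if (total_len_checked(payload_len, received, &total) != 0)
        return NULL;
    buf = malloc(total);
    if (buf != NULL) {
        memcpy(buf, pkt, total);                /* total is bounded by received */
        *out_len = total;
    }
    return buf;
}

int main(void)
{
    uint8_t pkt[24] = { 0xFC, 0xFF };  /* constructed: declares 0xFFFC bytes */
    uint16_t n = 0;
    printf("unchecked total=%u, checked copy=%s\n", total_len_unchecked(0xFFFC),
           copy_packet(pkt, sizeof pkt, &n) ? "accepted" : "rejected");
    return 0;
}
```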
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an integer overflow flaw in the Bluetooth packet handling of the Sony XAV-AX8500 device. It occurs because the device does not properly validate user-supplied data in Bluetooth packets, which can cause an integer overflow before writing to memory. An attacker who can pair a malicious Bluetooth device with the target system can exploit this flaw to execute arbitrary code remotely within the context of the elysian-bt-service process. [1]


How can this vulnerability impact me?

If exploited, this vulnerability allows an attacker to execute arbitrary code on the affected Sony XAV-AX8500 device. This can lead to a complete compromise of the device's confidentiality, integrity, and availability, potentially allowing the attacker to control the device, access sensitive information, or disrupt its normal operation. However, exploitation requires the attacker to be network-adjacent and able to pair a malicious Bluetooth device with the target. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability requires an attacker to pair a malicious Bluetooth device with the Sony XAV-AX8500 device. Detection would involve monitoring Bluetooth pairing attempts and connections to the device. Specific commands are not provided in the available resources. It is recommended to monitor Bluetooth device pairings and logs on the device for any unauthorized or suspicious connections. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to update the Sony XAV-AX8500 media receiver firmware to version 3.02.00 or later, which addresses this Bluetooth communication vulnerability. The update can be performed over the internet using USB tethering with a smartphone, or from a USB storage device, following Sony's official update instructions. Additionally, ensure the device is not paired with unknown or untrusted Bluetooth devices to reduce risk until the update is applied. [2]

