CVE-2025-5476
BaseFortify
Publication date: 2025-06-21
Last updated on: 2025-07-08
Assigner: Zero Day Initiative
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sony | xav-ax8500_firmware | From 2.00.01 (inc) to 3.02.00 (exc) |
| sony | xav-ax8500 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-653 | The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions. |
AI Powered Q&A
How can this vulnerability impact me?
Exploiting this vulnerability can lead to unauthorized access to the affected device, potentially impacting the confidentiality, integrity, and availability of the system. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the update released by Sony for the XAV-AX8500 device to address and fix the Bluetooth authentication bypass vulnerability. [1]
Can you explain this vulnerability to me?
This vulnerability in the Sony XAV-AX8500 device is a Bluetooth authentication bypass caused by improper isolation in the implementation of ACL-U links, specifically due to a lack of L2CAP channel isolation. It allows network-adjacent attackers to bypass authentication without needing any prior authentication or user interaction. [1]