CVE-2025-5479
BaseFortify
Publication date: 2025-06-21
Last updated on: 2025-07-08
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sony | xav-ax8500_firmware | From 2.00.1 (inc) to 3.02.00 (exc) |
| sony | xav-ax8500 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap-based buffer overflow in the Bluetooth AVCTP protocol implementation on Sony XAV-AX8500 devices. It occurs because the device does not properly validate the length of user-supplied data before copying it into a heap buffer. An attacker who can pair a malicious Bluetooth device with the target system can exploit this flaw to execute arbitrary code within the context of the current process. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker to execute arbitrary code on the affected Sony XAV-AX8500 device. This can lead to a complete compromise of the device's confidentiality, integrity, and availability, potentially allowing the attacker to control the device, access sensitive information, or disrupt its normal operation. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the update released by Sony that addresses and fixes the heap-based buffer overflow in the Bluetooth AVCTP protocol implementation on Sony XAV-AX8500 devices. Additionally, restrict pairing of unknown or untrusted Bluetooth devices to prevent attackers from pairing malicious devices. [1]