CVE-2025-5820
BaseFortify
Publication date: 2025-06-21
Last updated on: 2025-07-08
Assigner: Zero Day Initiative
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sony | xav-ax8500_firmware | From 2.00.1 (inc) to 3.02.00 (exc) |
| sony | xav-ax8500 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5820 is a vulnerability in the Sony XAV-AX8500 device's Bluetooth ERTM channel communication. It is caused by improper initialization of channel data, which allows network-adjacent attackers to bypass authentication without needing any prior authentication or user interaction. This flaw lets attackers gain unauthorized access to the system. [1]
How can this vulnerability impact me?
This vulnerability can allow attackers who are on a network adjacent to the affected device to bypass authentication and gain unauthorized access. This can lead to impacts on the confidentiality, integrity, and availability of the system, potentially allowing attackers to access sensitive information, alter data, or disrupt device functionality. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the update released by Sony for the XAV-AX8500 device that addresses and fixes the Bluetooth ERTM channel authentication bypass issue. [1]