CVE-2025-2818
BaseFortify
Publication date: 2025-07-17
Last updated on: 2025-07-17
Assigner: Lenovo Group Ltd.
Description
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| motorola | smart_connect | 1.0 |
| motorola | smart_connect | 08.0.1.011.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-2818 is a medium-severity vulnerability in version 1.0 of the Bluetooth Transmission Alliance protocol used by the Motorola Smart Connect Android application. The protocol lacks authentication for recipient devices during file transfers over Bluetooth Low Energy (BLE). This allows a nearby attacker within Bluetooth range to intercept files sent to devices that are not paired within the Smart Connect app by monitoring BLE advertising packets and performing passive eavesdropping to track devices. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker within Bluetooth range to intercept files transferred to your device if it is not paired within the Smart Connect app. This could lead to unauthorized access to sensitive files and potential privacy breaches. The attacker can also track devices by extracting device names and IDs from BLE advertising packets. To reduce risk, users should update their Motorola phones to versions with the Security Patch Level of 2025-05-01 or later and SmartConnect version 08.0.1.011.0 or later. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring Bluetooth Low Energy (BLE) advertising packets for unpaired devices during file transfers. You can use BLE scanning tools such as 'hcitool lescan' or 'bluetoothctl' on Linux to scan for nearby BLE devices and observe their advertising data, including device names and IDs. Passive eavesdropping tools that capture BLE traffic may help identify suspicious activity related to unpaired file transfers. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating Motorola phones to software versions with Security Patch Level 2025-05-01 or later and SmartConnect app version 08.0.1.011.0 or later, which contain fixes for this vulnerability. Additionally, only download apps from authorized sources such as the Google Play Store and avoid handing your phone to untrusted individuals to reduce risk. [1]