CVE-2025-8475
BaseFortify
Publication date: 2025-08-01
Last updated on: 2025-08-12
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| alpsalpine | ilx-507_firmware | 6.0.000 |
| alpsalpine | ilx-507 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in the AVRCP protocol implementation on Alpine iLX-507 devices. It occurs because the device does not properly validate the length of user-supplied data before copying it to a fixed-length buffer on the stack. An attacker who is network-adjacent and can get the target device to connect to a malicious Bluetooth device can exploit this flaw to execute arbitrary code with root privileges.
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker to execute arbitrary code on the affected device with root-level privileges. This can lead to full compromise of the device, including unauthorized control, data theft, or disruption of device functionality.