CVE-2025-69821
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-02-02
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| beatxp | vega_smartwatch_firmware | rb303atv006229 |
| beatxp | vega_smartwatch | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Beat XP VEGA Smartwatch firmware version RB303ATV006229 is a design and implementation flaw in its Bluetooth Low Energy (BLE) connection. It allows any nearby BLE central device to connect to the smartwatch without authentication or session access control and maintain exclusive access to the single available BLE session indefinitely. This means an unauthorized device can take over the BLE connection, causing a denial of service by preventing legitimate connections. [1]
How can this vulnerability impact me? :
The vulnerability can cause a denial of service by allowing an attacker to monopolize the smartwatch's BLE connection, preventing legitimate devices from connecting. This could disrupt normal device functionality and potentially allow unauthorized control or access to the smartwatch's BLE communication. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by scanning for unauthorized BLE central devices connected to the Beat XP VEGA Smartwatch. Since the smartwatch allows any nearby BLE central device to establish and maintain the single available BLE session without authentication, monitoring BLE connections for unusual or persistent sessions can indicate exploitation. Using BLE scanning tools such as 'bluetoothctl' on Linux or 'hcitool lescan' can help identify connected devices. Commands like 'bluetoothctl' to list connected devices or 'hcitool con' to show current connections may be useful to detect unauthorized BLE connections. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling BLE connectivity on the Beat XP VEGA Smartwatch if not needed, or restricting physical access to the device to prevent unauthorized BLE connections. Since the vulnerability stems from lack of authentication and session control in BLE communication, avoiding exposure to untrusted BLE central devices is critical. Applying firmware updates from the vendor, if available, that address this issue is also recommended. [1]