CVE-2025-69821
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-02-02

Assigner: MITRE

Description
An issue in Beat XP VEGA Smartwatch (Firmware Version - RB303ATV006229) allows an attacker to cause a denial of service via the BLE connection
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-02-02
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69821
EUVD
EUVD-2026-4128
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
beatxp vega_smartwatch_firmware rb303atv006229
beatxp vega_smartwatch *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Beat XP VEGA Smartwatch firmware version RB303ATV006229 is a design and implementation flaw in its Bluetooth Low Energy (BLE) connection. It allows any nearby BLE central device to connect to the smartwatch without authentication or session access control and maintain exclusive access to the single available BLE session indefinitely. This means an unauthorized device can take over the BLE connection, causing a denial of service by preventing legitimate connections. [1]

Impact Analysis

The vulnerability can cause a denial of service by allowing an attacker to monopolize the smartwatch's BLE connection, preventing legitimate devices from connecting. This could disrupt normal device functionality and potentially allow unauthorized control or access to the smartwatch's BLE communication. [1]

Detection Guidance

This vulnerability can be detected by scanning for unauthorized BLE central devices connected to the Beat XP VEGA Smartwatch. Since the smartwatch allows any nearby BLE central device to establish and maintain the single available BLE session without authentication, monitoring BLE connections for unusual or persistent sessions can indicate exploitation. Using BLE scanning tools such as 'bluetoothctl' on Linux or 'hcitool lescan' can help identify connected devices. Commands like 'bluetoothctl' to list connected devices or 'hcitool con' to show current connections may be useful to detect unauthorized BLE connections. [1]

Mitigation Strategies

Immediate mitigation steps include disabling BLE connectivity on the Beat XP VEGA Smartwatch if not needed, or restricting physical access to the device to prevent unauthorized BLE connections. Since the vulnerability stems from lack of authentication and session control in BLE communication, avoiding exposure to untrusted BLE central devices is critical. Applying firmware updates from the vendor, if available, that address this issue is also recommended. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69821. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart