CVE-2025-5479 – Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution

June 20, 2025

CVE ID : CVE-2025-5479

Published : June 21, 2025, 1:15 a.m. | 31 minutes ago

Description : Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability.

The specific flaw exists within the implementation of the Bluetooth AVCTP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26290.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5820 – Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass

Next Article CVE-2025-5478 – Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

I love that transparent technology is making a comeback — and one of the biggest gaming companies has joined the fun

“Let’s amp up everything” — Directive 8020 is Alien meets The Thing, and it’s introducing these huge changes for Supermassive’s cinematic horror games

Poll: Is Xbox heading in the right direction? Cast your vote here!

Microsoft is blocking Google Chrome in the name of family safety — but this time it actually makes sense

Lakeflow: Revolutionizing SCD2 Pipelines with Change Data Capture (CDC)

Lakeflow: Revolutionizing SCD2 Pipelines with Change Data Capture (CDC)

vitorccs/laravel-csv

Dr. Axel’s JavaScript flashcards

I love that transparent technology is making a comeback — and one of the biggest gaming companies has joined the fun

I love that transparent technology is making a comeback — and one of the biggest gaming companies has joined the fun

“Let’s amp up everything” — Directive 8020 is Alien meets The Thing, and it’s introducing these huge changes for Supermassive’s cinematic horror games

Poll: Is Xbox heading in the right direction? Cast your vote here!

CVE-2025-5479 – Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution

ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

CVE-2025-37990 – “Broadcom brcm80211 WiFi Linux Kernel Uninitialized Variable Use”

CVE-2025-20210 – “Cisco Catalyst Center Unauthenticated API Proxy Configuration Disclosure and Modification”

CVE-2025-20279 – Cisco Unified CCX Stored XSS Vulnerability

CVE-2025-25179 – Citrix XenServer GPU Escalation of Privilege

CVE-2025-4111 – PHPGurukul Pre-School Enrollment System SQL Injection Vulnerability

CVE-2025-36633 – Tenable Agent Local Privilege Escalation

CVE-2025-3851 – WordPress SmartPay Insecure Direct Object Reference Vulnerability

CVE-2025-5000 – “Linksys FGW3000 HTTP POST Request Handler Command Injection Vulnerability”

CVE-2025-5479 – Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution

Related Posts