CVE-2025-5476 – Sony XAV-AX8500 Bluetooth L2CAP Channel Isolation Authentication Bypass

June 20, 2025

CVE ID : CVE-2025-5476

Published : June 21, 2025, 1:15 a.m. | 31 minutes ago

Description : Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5477 – Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability

Next Article CVE-2025-5475 – Sony XAV-AX8500 Bluetooth Integer Overflow Remote Code Execution Vulnerability

Highlights

CVE-2025-46823 – OpenMRS FHIR2 Privilege Escalation Vulnerability

May 29, 2025

CVE ID : CVE-2025-46823

Published : May 29, 2025, 6:15 p.m. | 3 hours, 18 minutes ago

Description : openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not always correctly checked, which means that unauthorized users may have been able to add or edit data they were not supposed to be able to. All implementers should update to FHIR2 2.5.0 or newer as soon as is feasible to receive a patch.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

Borderlands 4 is killing off a tired “FOMO” trend — I hope other developers follow suit

Dr. Axel’s JavaScript flashcards

Dr. Axel’s JavaScript flashcards

Syntax-Highlight – Custom Element For Syntax Highlighting Content

WelsonJS – Build a Windows app on the Windows built-in JavaScript engine

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

CVE-2025-5476 – Sony XAV-AX8500 Bluetooth L2CAP Channel Isolation Authentication Bypass

CVE-2025-6371 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

CVE-2025-6372 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

Today’s LLMs craft exploits from patches at lightning speed

How Anomalo solves unstructured data quality issues to deliver trusted assets for AI with AWS

Learn College Calculus and Implement with Python

Microsoft wants to streamline your workday with powerful AI agents

CVE-2025-46823 – OpenMRS FHIR2 Privilege Escalation Vulnerability

North Korean Hackers Targeted Nearly 18,000 in Phishing Campaign During Martial Law Turmoil

Why Good Design Matters — Even in Instagram Ads

This Samsung tablet is the best iPad Air alternative for Android users I’ve found

CVE-2025-5476 – Sony XAV-AX8500 Bluetooth L2CAP Channel Isolation Authentication Bypass

Related Posts