CVE-2025-5476 – Sony XAV-AX8500 Bluetooth L2CAP Channel Isolation Authentication Bypass

June 20, 2025

CVE ID : CVE-2025-5476

Published : June 21, 2025, 1:15 a.m. | 31 minutes ago

Description : Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5477 – Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability

Next Article CVE-2025-5475 – Sony XAV-AX8500 Bluetooth Integer Overflow Remote Code Execution Vulnerability

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

The attack on the npm ecosystem continues

The attack on the npm ecosystem continues

Feature Highlight

SVAR React Core – New UI Library with 20+ Components

Hyprland Made Easy: Preconfigured Beautiful Distros

Hyprland Made Easy: Preconfigured Beautiful Distros

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

CVE-2025-5476 – Sony XAV-AX8500 Bluetooth L2CAP Channel Isolation Authentication Bypass

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Critical Webmin Vulnerability Let Remote Attackers Escalate Privileges to Root-Level

CVE-2024-57394 – Qi-ANXIN Tianqing Endpoint Security Management System DLL Hijacking Vulnerability

CVE-2025-3970 – Baseweb JSite Cross-Site Scripting Vulnerability

I’m surprised Xbox’s Grounded 2 just hit this player count milestone only two weeks after release — it must be flying on Xbox Game Pass

CVE-2024-53359 – Zalo Information Disclosure Vulnerability

5 reasons I turn to ChatGPT every day – from faster research to replacing Siri

CVE-2025-22241 – Apache Ansible VirtKey Directory Traversal Vulnerability

CVE-2025-20309 (CVSS 10): Cisco Patches Critical Static SSH Root Credential Flaw in Unified CM

CVE-2025-5476 – Sony XAV-AX8500 Bluetooth L2CAP Channel Isolation Authentication Bypass

Related Posts