CVE-2025-5476 – Sony XAV-AX8500 Bluetooth L2CAP Channel Isolation Authentication Bypass

June 20, 2025

CVE ID : CVE-2025-5476

Published : June 21, 2025, 1:15 a.m. | 31 minutes ago

Description : Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5477 – Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability

Next Article CVE-2025-5475 – Sony XAV-AX8500 Bluetooth Integer Overflow Remote Code Execution Vulnerability

15 Essential Skills to Look for When Hiring Node.js Developers for Enterprise Projects (2025-2026)

African training program creates developers with cloud-native skills

React.js for SaaS Platforms: How Top Development Teams Help Startups Launch Faster

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

LastPass can now warn or block logins to shadow SaaS apps – here’s how

Get up to a year of Adobe Creative Cloud access for 40% off

Got 6 hours? This free AI training from Google and Goodwill can boost your resume today

Why I recommend this budget phone with a paper-like screen over ‘minimalist’ devices

Laravel Boost, your AI coding starter kit

Laravel Boost, your AI coding starter kit

Using GitHub Copilot in VS Code

Optimizely Mission Control – Part I

Top 20 kubectl Commands Every Kubernetes Beginner Must Know

Top 20 kubectl Commands Every Kubernetes Beginner Must Know

Microsoft’s record stock run collides with Nadella’s admission that 15,000 layoffs still ‘hurt’

Microsoft and Adobe Power Up Fantasy Premier League Fans with AI – Here’s How

CVE-2025-5476 – Sony XAV-AX8500 Bluetooth L2CAP Channel Isolation Authentication Bypass

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

The Wild West of Shadow IT

CVE-2025-4267 – SourceCodester Oretnom23 Stock Management System SQL Injection Vulnerability

Patch your Windows PC now before bootkit malware takes it over – here’s how

CVE-2025-3821 – SourceCodester Web-based Pharmacy Product Management System Cross-Site Scripting Vulnerability

CVE-2025-5679 – Shenzhen Dashi Tongzhou Information Technology AgileBPM Deserialization Remote Code Execution Vulnerability

NVIDIA’s RTX 5060 GPUs are official — $299 starting price, massive performance gains

CVE-2025-5331 – PCMan FTP Server Buffer Overflow Vulnerability

CVE-2025-24350 – CtrlX OS Certificates and Keys Arbitrary File Write Vulnerability

CVE-2025-26168 – IXON VPN Client Local Privilege Escalation

CVE-2025-5476 – Sony XAV-AX8500 Bluetooth L2CAP Channel Isolation Authentication Bypass

Related Posts