CVE-2025-5820 – Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass

June 20, 2025

CVE ID : CVE-2025-5820

Published : June 21, 2025, 1:15 a.m. | 31 minutes ago

Description : Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of Bluetooth ERTM channel communication. The issue results from improper channel data initialization. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26285.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6216 – Allegra Password Recovery Authentication Bypass Vulnerability

Next Article CVE-2025-5479 – Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

Borderlands 4 is killing off a tired “FOMO” trend — I hope other developers follow suit

Dr. Axel’s JavaScript flashcards

Dr. Axel’s JavaScript flashcards

Syntax-Highlight – Custom Element For Syntax Highlighting Content

WelsonJS – Build a Windows app on the Windows built-in JavaScript engine

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

CVE-2025-5820 – Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass

CVE-2025-6371 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

CVE-2025-6372 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

Framework laptops are the latest tech hit by Trump’s tariffs — restricting PC choices for US consumers

Apple names the best designed apps of 2025 – did your favorite make the list?

Best early Prime Day PC gaming deals: My 38 favorite sales live now

HTML Email Accessibility Report 2025

Google AI Introduce the Articulate Medical Intelligence Explorer (AMIE): A Large Language Model Optimized for Diagnostic Reasoning, and Evaluate its Ability to Generate a Differential Diagnosis

CVE-2023-34732 – Flytxt NEON-dX Password Brute Force Vulnerability

How AWS Sales uses generative AI to streamline account planning

Moscow Metro Digital Outage: Alleged Cyberattack or Technical Failure?

CVE-2025-5820 – Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass

Related Posts