CVE-2025-32879

| EUVD-2025-19014 HIGH
2025-06-20 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 15, 2026 - 00:19 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 00:19 euvd
EUVD-2025-19014
PoC Detected
Jul 08, 2025 - 14:32 vuln.today
Public exploit code
CVE Published
Jun 20, 2025 - 14:15 nvd
HIGH 8.8

Tags

Authentication Bypass Bluetooth Information Disclosure Coros Pace 3 Firmware

Description

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to connect with the device via BLE if no other device is connected. While connected, none of the BLE services and characteristics of the device require any authentication or security level. Therefore, any characteristic, depending on their mode of operation (read/write/notify), can be used by the connected attacker. This allows, for example, configuring the device, sending notifications, resetting the device to factory settings, or installing software.

Analysis

CVE-2025-32879 is a security vulnerability (CVSS 8.8) that allows an attacker. Risk factors: public PoC available.

Technical Context

CWE-287 (Improper Authentication). CVSS 8.8 indicates high severity.

Affected Products

['Unspecified product']

Remediation

Monitor vendor channels for patch availability. Restrict network access to affected components and enable MFA as interim mitigation.

Priority Score

64
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +44
POC: +20

Share

CVE-2025-32879 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy