CVE-2025-5476

EUVD-2025-18881 | HIGH | CVSS 3.1: 8.8
2025-06-21 [email protected]

CVSS Vector (NVD)

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 15, 2026 - 21:35 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 - 21:35 (euvd), EUVD-2025-18881
Patch Released: Mar 15, 2026 - 21:35 (nvd), patch available
CVE Published: Jun 21, 2025 - 01:15 (nvd), HIGH 8.8

Description (NVD)

Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284.

Analysis (AI)

CVE-2025-5476 is an authentication bypass vulnerability in Sony XAV-AX8500 Bluetooth car audio systems caused by improper L2CAP channel isolation in ACL-U links. A network-adjacent attacker can completely bypass authentication without user interaction to gain full control (read, modify, execute) of the device. This is a critical vulnerability affecting in-vehicle infotainment systems with potential safety and privacy implications.

Technical Context (AI)

The vulnerability exists in the Bluetooth implementation of the Sony XAV-AX8500, specifically in the handling of ACL-U links (the user-data logical link carried over the Bluetooth ACL transport) at the L2CAP (Logical Link Control and Adaptation Protocol) layer. The root cause is CWE-653 (Improper Isolation or Compartmentalization): L2CAP channels are not properly isolated, allowing an attacker on an adjacent Bluetooth network to establish unauthorized channels and bypass the device's authentication mechanisms. This is fundamentally a protocol implementation flaw in which the device fails to enforce proper state management and channel segregation in its Bluetooth stack, particularly in the early stages of connection establishment before authentication occurs.

Remediation (AI)

Immediate remediation requires:

(1) Contact Sony directly or monitor their security advisory page for XAV-AX8500 firmware patches that address L2CAP channel isolation;
(2) Apply firmware update to the device when available (typically done via USB or wireless update mechanism);
(3) Until patches are available, mitigate by disabling Bluetooth on the device when parked in public areas, or reducing Bluetooth transmission power if supported;
(4) Keep the device physically secure and avoid parking in high-risk areas;
(5) Monitor for unauthorized pairing attempts in the device's Bluetooth settings;
(6) If vehicle connectivity is critical, consider disabling sensitive functions (navigation history, stored credentials) from syncing to the infotainment system.

Vendor patch status should be confirmed at Sony's official support page for the XAV-AX8500.
