How to fix CVE-2025-69969?

Within 24 hours: Inventory all Pebble Prism Ultra v2.9.2 devices and isolate them from critical network segments; notify affected teams to discontinue use pending remediation. Within 7 days: Evaluate vendor's interim security guidance and assess alternative device solutions; implement network-level monitoring for unauthorized BLE communications. Within 30 days: Deploy replacement devices from vendor or alternate manufacturer once security patches are released and validated, or decommission affected units if no patch timeline is provided.

Is Pebble Prism Ultra Firmware affected by CVE-2025-69969?

A critical vulnerability in Pebble Prism Ultra v2.9.2 devices allows attackers to remotely execute arbitrary commands without authentication, with active public exploits already available.

CVE-2025-69969

CRITICAL

2026-03-04 [email protected]

9.6

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

PoC Detected

Mar 09, 2026 - 17:26 vuln.today

Public exploit code

CVE Published

Mar 04, 2026 - 17:16 nvd

CRITICAL 9.6

Description

A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services.

Analysis

Missing BLE authentication in Pebble Prism Ultra smartwatch. PoC available.

Technical Context

CWE-311 missing encryption in BLE communication.

Affected Products

['Pebble Prism Ultra']

Remediation

Apply firmware update.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +48

POC: +20

CVE-2025-69969 vulnerability details – vuln.today

Back

CVE-2025-69969

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-69969

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code