What is the CVSS score of CVE-2025-69969?

CVE-2025-69969 has a CVSS 3.1 base score of 9.6 (Critical). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Pebble Prism Ultra Firmware are affected by CVE-2025-69969?

A critical vulnerability in Pebble Prism Ultra v2.9.2 devices allows attackers to remotely execute arbitrary commands without authentication, with active public exploits already available.

Is there a public PoC exploit available for CVE-2025-69969?

Yes, a public proof-of-concept exploit is available for CVE-2025-69969. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-69969?

Within 24 hours: Inventory all Pebble Prism Ultra v2.9.2 devices and isolate them from critical network segments; notify affected teams to discontinue use pending remediation. Within 7 days: Evaluate vendor's interim security guidance and assess alternative device solutions; implement network-level monitoring for unauthorized BLE communications. Within 30 days: Deploy replacement devices from vendor or alternate manufacturer once security patches are released and validated, or decommission affected units if no patch timeline is provided.

Pebble Prism Ultra Firmware CVE-2025-69969

CRITICAL

Missing Encryption of Sensitive Data (CWE-311)

2026-03-04 cve@mitre.org

RCE Information Disclosure Pebble Prism Ultra Firmware

9.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

PoC Detected

Mar 09, 2026 - 17:26 vuln.today

Public exploit code

CVE Published

Mar 04, 2026 - 17:16 nvd

CRITICAL 9.6

DescriptionNVD

A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services.

AnalysisAI

Missing BLE authentication in Pebble Prism Ultra smartwatch. PoC available.

Technical ContextAI

CWE-311 missing encryption in BLE communication.

RemediationAI

Apply firmware update.

CVE-2025-69969 vulnerability details – vuln.today

Back

Pebble Prism Ultra Firmware CVE-2025-69969

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code