CVSS Vector (NVD)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of Bluetooth ERTM channel communication. The issue results from improper channel data initialization. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26285.
Analysis (AI)
CVE-2025-5820 is a high-severity Bluetooth ERTM (Enhanced Retransmission Mode) channel authentication bypass in Sony XAV-AX8500 infotainment systems that lets a network-adjacent attacker bypass authentication with no privileges and no user interaction. Because the flaw lies in improper channel data initialization in the Bluetooth implementation, a successful attack has high impact on confidentiality, integrity, and availability. The vulnerability carries a CVSS 3.1 base score of 8.8 (High) and is a significant risk for vehicles fitted with this aftermarket receiver, although exploitation requires physical proximity (Bluetooth range) and the specific technical conditions of ERTM channel manipulation.
Technical Context (AI)
This vulnerability stems from improper initialization in the Bluetooth Enhanced Retransmission Mode (ERTM) channel implementation within Sony XAV-AX8500 devices. ERTM is a Bluetooth L2CAP (Logical Link Control and Adaptation Protocol) feature designed for reliable, ordered delivery of data over Bluetooth connections. The flaw is classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel), indicating that the device fails to properly validate authentication when establishing or maintaining ERTM channels. The vulnerability was originally tracked as ZDI-CAN-26285, indicating that it was reported through the Zero Day Initiative disclosure program. Rather than a cryptographic weakness, this is a logic flaw: channel state initialization does not enforce the expected authentication checks, allowing an attacker to inject data or establish privileged sessions without completing the standard Bluetooth pairing and authentication procedure.
Remediation (AI)
Specific remediation information is limited in the provided data. Required actions:
1. Contact Sony customer support or check Sony's security advisory pages for firmware updates addressing CVE-2025-5820 / ZDI-CAN-26285.
2. If firmware patches are available, apply them immediately through Sony's official update channels (typically via a USB connection to a computer, or OTA if supported).
3. Pending patches, temporary mitigations include disabling Bluetooth functionality if it is not critical to vehicle operation, or restricting Bluetooth visibility and pairing to known trusted devices only through the device settings.
4. Keep the device in non-discoverable mode when parked to reduce the attack surface.
5. Monitor Sony's official security advisories at sony.com for patch availability and installation instructions.
The ZDI reference (ZDI-CAN-26285) indicates Zero Day Initiative involvement, so an advisory may also be available through ZDI's disclosure database.
EUVD ID: EUVD-2025-18880