CVE-2025-20700

Published Aug 4, 2025

Last updated 6 months ago

CVSS high 8.8
Airoha Bluetooth

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-20700 refers to a security vulnerability found in Airoha Bluetooth chips, which are used in numerous audio devices like headphones and earbuds from brands such as Sony, JBL, and Bose. The vulnerability stems from missing authentication for GATT Services. An attacker within Bluetooth range can exploit this vulnerability to gain unauthorized access to the device. Successful exploitation of CVE-2025-20700 can allow attackers to manipulate the device, potentially reading and writing RAM and flash memory. This can lead to hijacking trust relationships with paired smartphones, eavesdropping on conversations by activating the device's microphone, initiating or intercepting phone calls, and extracting phone numbers and contact lists from connected phones.

Description
In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access to critical data of the RACE protocol through the Bluetooth LE GATT service. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source: security@mediatek.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

security@mediatek.com: CWE-306

Social media

Hype score: Not currently trending

  1. News has spread in the IT world of a new security vulnerability related to Bluetooth devices (identifiers: CVE-2025-20700, CVE-2025-20701 and CVE-2025-20702). These vulnerabilities affect consumer products that use one particular Bluetooth modu

    @valco_fi

    6 Jan 2026

    107 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Dear @Bose when do you plan to fix: CVE-2025-20700: No authentication on BLE CVE-2025-20701: No authentication on BT Classic CVE-2025-20702: Debug protocol exposed that should never be accessible which make the Airoha chipset on your QC Buds an open door to my phone?

    @gravax

    3 Jan 2026

    89 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. those bluetooth earbuds, speakers, etc. 👀 CVE-2025-20700 / CVE-2025-20701 / CVE-2025-20702 https://t.co/XNMwcpt9Ep

    @gringo_ctm

    2 Jan 2026

    78 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. ⚠️ Vulnerabilities in Bluetooth chipsets ❗ CVE-2025-20700 ❗ CVE-2025-20701 ❗ CVE-2025-20702 ➡️ More info: https://t.co/0znjTzVrM4 https://t.co/6FsC7RUzch

    @CERTpy

    2 Jan 2026

    126 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. 🚨 Bluetooth exploit toolkit released for Airoha headphone flaws impacting major brands Researchers published full technical details and a testing toolkit for three Airoha-based Bluetooth vulnerabilities (CVE-2025-20700/20701/20702) that can be abused by an attacker within

    @ThreatSynop

    1 Jan 2026

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Bluetooth Headphone Jacking: Full Disclosure of Airoha RACE Vulnerabilities This blog post is about CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702 vulnerabilities technical details in Airoha-based Bluetooth headphones and earbuds. https://t.co/HGPppeXr94 pdf: https://t.co/11U

    @blackorbird

    30 Dec 2025

    3731 Impressions

    11 Retweets

    45 Likes

    26 Bookmarks

    0 Replies

    0 Quotes

  7. Recently, for the Airoha protocol, which is based on Bluetooth and is used in most Sony and Marshall headphones and other headphones, vulnerabilities with the identifiers C

    @EthicalSafe

    29 Dec 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 Bluetooth Headphone Flaws Let Attackers Hijack Connected Smartphones Researchers disclosed three Airoha SoC issues (CVE-2025-20700/20701/20702) that allow nearby attackers to access the RACE protocol without proper authentication, then extract the Bluetooth Link Key and

    @ThreatSynop

    29 Dec 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 Airoha Bluetooth Headphone Flaws Let Attackers Hijack Paired Smartphones Three bugs (CVE-2025-20700/20701/20702) in Airoha’s RACE protocol allow nearby attackers to connect without authentication, gain arbitrary memory read/write, and extract the Bluetooth link key to

    @ThreatSynop

    29 Dec 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Researchers detail CVE-2025-20700/1/2 in Airoha-based Bluetooth headphones from Sony, Bose, JBL, allowing eavesdropping and smartphone hijack. Firmware updates urged. #Bluetooth https://t.co/Klhv8Iy6mn

    @threatcluster

    29 Dec 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Hey @Bose/@BoseService fix the BT CVE on your headphones CVE-2025-20700, CVE-2025-20701, CVE-2025-20702 https://t.co/PGt3aboa11 https://t.co/nAGqHybae3

    @AphixJS

    27 Dec 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Bluetooth vulnerabilities may enable eavesdropping through the microphone (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) https://t.co/5917jBlcSB I wonder if the update is related to this? As I thought... mine was affected 😳 https://t.co/MEog2LU6yN

    @miuutahosi

    11 Dec 2025

    189 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  13. CVE-2025-20700 (CVSS:8.8, HIGH) is Awaiting Analysis. In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protoc..https://t.co/rwGXp7LuPT #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    9 Aug 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-20700 Bluetooth LE GATT Permission Bypass in Airoha SDK Enabling Privilege Escalation https://t.co/HOYFl1JCgI

    @VulmonFeeds

    4 Aug 2025

    94 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-20700 In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. This cou… https://t.co/JCoSsXHuP1

    @CVEnew

    4 Aug 2025

    681 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Bluetooth gap turns headphones into listening stations CVE-2025-20700: Missing Authentication for GATT Services CVE-2025-20701: Missing Authentication for Bluetooth BR/EDR CVE-2025-20702: Critical Capabilities of a Custom Protocol #hacks #China #f1jp https://t.co/qL62ywHJsz

    @D_Hackz

    10 Jul 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Bluetooth gap turns headphones into listening stations CVE-2025-20700: Missing Authentication for GATT Services CVE-2025-20701: Missing Authentication for Bluetooth BR/EDR CVE-2025-20702: Critical Capabilities of a Custom Protocol #hacks #China #f1jp https://t.co/JKhJg4ulgq

    @cybersecur80472

    10 Jul 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Bluetooth gap turns headphones into listening stations CVE-2025-20700: Missing Authentication for GATT Services CVE-2025-20701: Missing Authentication for Bluetooth BR/EDR CVE-2025-20702: Critical Capabilities of a Custom Protocol #hacks #China #f1jp https://t.co/Xb9I8owMVz

    @nathy_hackers

    10 Jul 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Bluetooth gap turns headphones into listening stations CVE-2025-20700: Missing Authentication for GATT Services CVE-2025-20701: Missing Authentication for Bluetooth BR/EDR CVE-2025-20702: Critical Capabilities of a Custom Protocol #hacks #China #f1jp https://t.co/PcNYy00YiW

    @NumeroUnoHacker

    9 Jul 2025

    129 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Bluetooth gap turns headphones into listening stations CVE-2025-20700: Missing Authentication for GATT Services CVE-2025-20701: Missing Authentication for Bluetooth BR/EDR CVE-2025-20702: Critical Capabilities of a Custom Protocol #hacks #China #f1jp https://t.co/LC1mOxWP5k

    @cyberuncrack

    9 Jul 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Bluetooth gap turns headphones into listening stations CVE-2025-20700: Missing Authentication for GATT Services CVE-2025-20701: Missing Authentication for Bluetooth BR/EDR CVE-2025-20702: Critical Capabilities of a Custom Protocol #hacks #China #f1jp https://t.co/OBjqEbHBbZ

    @cyberecstasy01

    9 Jul 2025

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Bluetooth gap turns headphones into listening stations CVE-2025-20700: Missing Authentication for GATT Services CVE-2025-20701: Missing Authentication for Bluetooth BR/EDR CVE-2025-20702: Critical Capabilities of a Custom Protocol #hacks #China #f1jp https://t.co/7urKK8D28s

    @hackersguru01

    8 Jul 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Bluetooth gap turns headphones into listening stations CVE-2025-20700: Missing Authentication for GATT Services CVE-2025-20701: Missing Authentication for Bluetooth BR/EDR CVE-2025-20702: Critical Capabilities of a Custom Protocol #hacks #China #f1jp https://t.co/qbNGFBYhFb

    @infiltr08

    6 Jul 2025

    195 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. CVE-2025-20700 CVE-2025-20701 CVE-2025-20702 https://t.co/UzVVbS5oZ1

    @huseyin_y52727

    2 Jul 2025

    11 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Flaws in Airoha Bluetooth chips (CVE-2025-20700-20702) allow attackers to hijack headphones, eavesdrop, and extract call logs without pairing. https://t.co/T426LkeaKw https://t.co/zpa59MfzEX

    @svobodacenter

    1 Jul 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Bluetooth flaws in 29 audio devices (Bose, Sony, Jabra) allow attackers within range to hijack the connection, make calls, and even eavesdrop via your phone’s mic. CVE-2025-20700 to -20702 show how ordinary devices can become high-risk entry points. #CyberSecurity https://t.co

    @Shift6Security

    1 Jul 2025

    72 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Bluetooth flaws in 29 audio devices (Bose, Sony, Jabra) allow attackers within range to hijack the connection, make calls, and even eavesdrop via your phone’s mic. CVE-2025-20700 to -20702 show how ordinary devices can become high-risk entry points. #CyberSecurity https://t.c

    @Shift6Security

    1 Jul 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Bluetooth flaws could let hackers spy through your microphone Researchers uncovered three Bluetooth vulnerabilities (CVE-2025-20700 to -20702) in Airoha chipsets used in 29 audio devices from major brands like Sony, Bose, and JBL. The flaws allow attackers within Bluetooth range

    @dCypherIO

    30 Jun 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Bluetooth vulnerabilities may enable eavesdropping through the microphone (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) | Codebook|Security News https://t.co/C6Mla6RKhs

    @Luke06121

    30 Jun 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Bluetooth flaws could let hackers spy through your microphone Researchers uncovered three Bluetooth vulnerabilities (CVE-2025-20700 to -20702) in Airoha chipsets used in 29 audio devices from major brands like Sony, Bose, and JBL. The flaws allow attackers within Bluetooth range

    @dCypherIO

    30 Jun 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Critical flaws in Airoha Bluetooth chips (CVE-2025-20700-20702) found in Bose, Sony, JBL, and other brands can turn headphones into spy devices, allowing live audio extraction and call hijacking #BluetoothSecurity #HeadphoneHack #Cybersecurity #AirohaChips https://t.co/WT1sjhnU0N

    @the_yellow_fall

    30 Jun 2025

    571 Impressions

    3 Retweets

    9 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

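  32. Vulnerabilities in many Bluetooth audio devices that make eavesdropping via the microphone possible. 29 models from 10 companies are affected: Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs and Teufel. Three vulnerabilities in the Airoha system on the SoC (CVE-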

    @__kokumoto

    29 Jun 2025

    905 Impressions

    0 Retweets

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  33. Just opened a support ticket with @Sennheiser to check if my Sennheiser IE 100 Pro Wireless are affected by the zero day vulnerabilities CVE-2025-20702, CVE-2025-20700, CVE-2025-20701. Amazed to see: if they answer, when they answer and if it's affected.

    @mountainman1977

    29 Jun 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes
