CVE-2025-36911
Published Jan 15, 2026
Last updated a month ago
- Description: In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation.
- Source: dsap-vuln-management@google.com
- NVD status: Modified
- Products: android
CVSS 3.1
- Type: Secondary
- Base score: 7.1
- Impact score: 4.2
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- Severity: HIGH
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 8
Tool for research on Bluetooth vulnerability CVE-2025-36911 https://t.co/ORnsacARgE https://t.co/XCn31lChhT
@tom_doerr
5 Mar 2026
3878 Impressions
5 Retweets
57 Likes
55 Bookmarks
0 Replies
0 Quotes
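Testing how much information devices with Bluetooth always on leak, using the passive scanner Bluehood. With just a Raspberry Pi you can work out neighbors' behavior patterns and whether they are home, and devices whose BLE cannot be disabled, such as hearing aids, are also affected. Also, the disclosure of CVE-2025-36911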
@__su888
17 Feb 2026
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Hello @SonyFrance @Sony, does the latest update for the WH-1000XM4 headphones (3.0.1) actually fix the whisperpair vulnerability (CVE-2025-36911)? Thanks!
@MichtroyTwitch
6 Feb 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Alert: WhisperPair Flaw in Fast Pair protocol (CVE-2025-36911) lets hackers hijack Bluetooth headphones: ⚠️ Risks: - Eavesdropping via mic - Location tracking - Forced pairing 🔍 Check your device: https://t.co/hmXfBF9s1X 🛠 Action: Update your fi
@SaadhJawwadh
4 Feb 2026
292 Impressions
0 Retweets
3 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 Serious warning for Bluetooth headphone users 🚨 There is a new security vulnerability, CVE-2025-36911, that concerns the pairing method of some Bluetooth devices. This vulnerability allows anyone near you to
@spainfunk
3 Feb 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Just published a technical breakdown of Google Fast Pair and the WhisperPair vulnerability (CVE-2025-36911). Learn how static Fast Pair BLE advertisements enable passive tracking and why this matters for device privacy. Full article: https://t.co/WXzOiBfoa0 https://t.co/mpiLcKe
@Raging_Wolfie
29 Jan 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📡 CVE-2025-36911: Fast Pair accepts KBP requests outside pairing mode. Full Python exploit + demo with RF Swift (https://t.co/F4v46bOvaX) 🎬 Re-adapted for CLI https://t.co/FlwibruAJM https://t.co/swk8gqSzsy
@PentHertz
27 Jan 2026
5793 Impressions
24 Retweets
52 Likes
35 Bookmarks
1 Reply
1 Quote
🚨 Your Bluetooth headphones can be HACKED to spy on you CVE-2025-36911 - WhisperPair ⚠️ Sony WH-1000XM4/5/6, Pixel Buds, Jabra, JBL affected ⚠️ Attacker connects from 15 meters WITHOUT your permission ⚠️ Can listen through your microphone Google paid $15K for this bug
@secnetnew
22 Jan 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
google fast pair just blew up, vulnerability CVE-2025-36911
@johmddqnzydfzx
22 Jan 2026
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WPair is the PoC for the CVE-2025-36911 (WhisperPair) vulnerability in millions of headphones. It lets pentesters demonstrate unauthorized pairing and microphone access in security tests. 🎧🔓 [#WPair #HackingEtico #Cybersecurity #Bluetooth #PoC] https://
@EsGeeks
21 Jan 2026
573 Impressions
4 Retweets
14 Likes
8 Bookmarks
2 Replies
0 Quotes
⚠️ Vulnerabilities in Google devices ❗ CVE-2025-48647 ❗ CVE-2025-36911 ➡️ More info: https://t.co/rZnJU3Ih9k https://t.co/Z1qa4k15e1
@CERTpy
21 Jan 2026
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol. https://t.co/NFfNyzxdta Features: ▪️BLE Scanner - Discovers Fast Pair devices broadcasting the 0xFE2C service UUID ▪️V
@DarkWebInformer
20 Jan 2026
4956 Impressions
8 Retweets
38 Likes
20 Bookmarks
0 Replies
0 Quotes
🚨 WPair Scanner Released to Detect WhisperPair (CVE-2025-36911) Fast Pair Authentication Bypass A new open-source Android tool (WPair) can scan and safely test Bluetooth audio devices for the WhisperPair flaw, caused by missing signature verification and lack of user
@ThreatSynop
20 Jan 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 WhisperPair Attack Forces Bluetooth Pairing to Hijack Earbuds and Track Victims WhisperPair (CVE-2025-36911) exploits flawed Google Fast Pair implementations that accept pairing requests even when devices aren’t in pairing mode, allowing attackers within ~14m to silently t
@ThreatSynop
20 Jan 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 WhisperPair Flaw Lets Attackers Hijack Bluetooth Earbuds and Track Victims via Google Fast Pair Researchers disclosed a critical Fast Pair vulnerability (CVE-2025-36911 “WhisperPair”) where many accessories accept pairing requests even when not in pairing mode, enabling
@ThreatSynop
20 Jan 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A serious vulnerability called "WhisperPair" (CVE-2025-36911) has been discovered in "Fast Pair", Google's easy Bluetooth connection feature.
@omomuki_tech
20 Jan 2026
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
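WhisperPair, a serious vulnerability in hundreds of millions of Bluetooth devices, CVE-2025-36911 - the reality of the eavesdropping and tracking risks caused by flaws in Google Fast Pair https://t.co/FnROE455P3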
@cybersecnews_jp
19 Jan 2026
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 WhisperPair Vulnerability Exposed! 🎧🔓 WPair-app scanner demonstrates CVE-2025-36911 in Google's Fast Pair, affecting millions of Bluetooth audio devices. A must-see for #CyberSecurity #exploit #wireless #WhisperPair #FastPair #CVE202536911 https://t.co/FNmiwXjMPD
@TheExploitLab
19 Jan 2026
125 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WPair: app for testing Bluetooth WhisperPair vulnerability (CVE-2025-36911) WhisperPair vulnerability allows hijacking Bluetooth headsets that use Google Fast Pair to spy on microphone and track their location https://t.co/1ebPoY03NN https://t.co/SmayGlj5Fo
@androidmalware2
19 Jan 2026
22852 Impressions
55 Retweets
373 Likes
283 Bookmarks
0 Replies
0 Quotes
CVE-2025-36911 (Bluetooth device hijacking), apparently. Hmm... I might be at risk too.
@Eternal_Zunda
19 Jan 2026
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
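#WhisperPair, a serious vulnerability in hundreds of millions of Bluetooth devices, CVE-2025-36911 - the reality of the eavesdropping and tracking risks caused by flaws in Google Fast Pair https://t.co/iDwBKFVWfU #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃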
@securityLab_jp
18 Jan 2026
145 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WhisperPair is a defensive security research tool that demonstrates the CVE-2025-36911 vulnerability in Google's Fast Pair protocol. https://t.co/Jm3NfnJgWw
@RooTkiT1XZ
18 Jan 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - zalexdev/wpair-app: WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol. This vulnerability affects millions of Bluetooth audio devices worldwide https://t.co/WLc0LreaGQ
@akaclandestine
18 Jan 2026
2581 Impressions
7 Retweets
35 Likes
31 Bookmarks
1 Reply
1 Quote
POV: Someone just paired to your earbuds CVE-2025-36911 — Fast Pair accepts pairing requests even when NOT in pairing mode - Silent attack, zero user interaction - 100M+ vulnerable devices - Mic access via HFP Android PoC → https://t.co/0eNlZaKAw6 #bluetooth #hacking
@zalexdev
17 Jan 2026
104 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2025-36911 in Google's Fast Pair protocol allows you to do some really cool things with Bluetooth devices. Learn more here: https://t.co/KFTNkpUIep The Whisper Pair app lets you run the exploit easily: https://t.co/FkoZYKhwrw https://t.co/rpnC6eZNfl
@zeac3r
17 Jan 2026
121 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 WhisperPair Fast Pair Flaw Lets Attackers Hijack Millions of Bluetooth Audio Accessories SecurityWeek reports KU Leuven researchers found a critical Google Fast Pair implementation flaw (CVE-2025-36911) where vulnerable accessories don’t verify “pairing mode,” allowing
@ThreatSynop
16 Jan 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
**Vulnerability Alert!** Millions of Bluetooth audio devices (headphones, earbuds) exposed by CVE-2025-36911 (WhisperPair). Attackers nearby (within 14m) can forcibly pair & potentially eavesdrop, hijack audio, or track your device via Find... #Cybersecurity #BluetoothSecurit
@LavxNews
16 Jan 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Critical “WhisperPair” Bug Lets Hackers Track and Eavesdrop via Google Fast Pair Audio Devices Security researchers found a critical flaw in Google’s Fast Pair protocol (CVE-2025-36911) that allows nearby attackers to silently hijack vulnerable Bluetooth
@ThreatSynop
16 Jan 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical WhisperPair flaw (CVE-2025-36911) affects millions of Bluetooth audio devices with Google Fast Pair. It allows tracking, eavesdropping and remote hijacking. Update the device's firmware as soon as possible. #chevalyeTek https
@williamboamson
16 Jan 2026
69 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-36911 In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversa… https://t.co/vOHTT5jlmI
@CVEnew
15 Jan 2026
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Researchers at KU Leuven disclose "WhisperPair" (CVE-2025-36911), a critical flaw in Google's Fast Pair that lets nearby attackers track and eavesdrop on hundreds of millions of Bluetooth audio devices. #Bluetooth https://t.co/6NHFW1PzZ4
@threatcluster
15 Jan 2026
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical “WhisperPair” Flaw Lets Hackers Track & Eavesdrop via Bluetooth Audio Devices A critical weakness in Google’s Fast Pair protocol (CVE-2025-36911, “WhisperPair”) allows nearby attackers to silently hijack vulnerable earbuds/headphones/speakers, potentia
@ThreatSynop
15 Jan 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]