8.8 CVE-2025-5476
Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284.
https://nvd.nist.gov/vuln/detail/CVE-2025-5476
Categories
CWE-653 : Improper Isolation or Compartmentalization
When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.
References
zdi-disclosures@trendmicro.com Patch
CPE
| cpe |
start |
end |
| Configuration 1 |
| AND |
| cpe:2.3:o:sony:xav-ax8500_firmware:*:*:*:*:*:*:*:* |
>= 2.00.01 |
< 3.02.00 |
| Running on/with |
| cpe:2.3:h:sony:xav-ax8500:-:*:*:*:*:*:*:* |
|
|
REMEDIATION
Patch
EXPLOITS
Exploit-db.com
| id |
description |
date |
|
| No known exploits |
POC Github
Other Nist (github, ...)
CAPEC
Common Attack Pattern Enumerations and Classifications
| id |
description |
severity |
| No entry |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
Discover this offer
