Vulnerability-Lookup

GHSA-W6H2-P5Q3-P762

Vulnerability from github – Published: 2025-06-10 12:30 – Updated: 2025-06-10 12:30

Details

Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker.

Severity

4.3 (Medium)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-41657"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-207"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-10T11:15:53Z",
    "severity": "MODERATE"
  },
  "details": "Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker.",
  "id": "GHSA-w6h2-p5q3-p762",
  "modified": "2025-06-10T12:30:18Z",
  "published": "2025-06-10T12:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41657"
    },
    {
      "type": "WEB",
      "url": "https://certvde.com/en/advisories/VDE-2025-047"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2025-41657 (GCVE-0-2025-41657)

Vulnerability from cvelistv5 – Published: 2025-06-10 10:46 – Updated: 2025-06-10 14:25

Title

AUMA: Incorrect delivery status of the Bluetooth configuration

Summary

Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-207 - Observable Behavioral Discrepancy With Equivalent Products

Assigner

CERTVDE

References

1 reference

URL	Tags
https://certvde.com/en/advisories/VDE-2025-047

Impacted products

2 products

Vendor	Product	Version
Auma	AC1.2	Affected: 01.01.2024 , < 09.05.2025 (semver)
Auma	PROFOX	Affected: 01.01.2024 , < 09.05.2025 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41657",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T14:25:31.913039Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T14:25:52.710Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AC1.2",
          "vendor": "Auma",
          "versions": [
            {
              "lessThan": "09.05.2025",
              "status": "affected",
              "version": "01.01.2024",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PROFOX",
          "vendor": "Auma",
          "versions": [
            {
              "lessThan": "09.05.2025",
              "status": "affected",
              "version": "01.01.2024",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker."
            }
          ],
          "value": "Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-207",
              "description": "CWE-207 Observable Behavioral Discrepancy With Equivalent Products",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T10:46:30.034Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/en/advisories/VDE-2025-047"
        }
      ],
      "source": {
        "advisory": "VDE-2025-047",
        "defect": [
          "CERT@VDE#641788"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "AUMA: Incorrect delivery status of the Bluetooth configuration",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2025-41657",
    "datePublished": "2025-06-10T10:46:30.034Z",
    "dateReserved": "2025-04-16T11:17:48.306Z",
    "dateUpdated": "2025-06-10T14:25:52.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-W6H2-P5Q3-P762

CVE-2025-41657 (GCVE-0-2025-41657)

Tags

Sightings

Nomenclature