VAR-202506-0597
Vulnerability from variot - Updated: 2025-07-12 19:35Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of Bluetooth ERTM channel communication. The issue results from improper channel data initialization. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26285. Sony Corporation's XAV-AX8500 The firmware contains an authentication bypass vulnerability using alternate paths or channels.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SONY XAV-AX8500 is a car AV receiver with enhanced functions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202506-0597",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xav-ax8500",
"scope": null,
"trust": 1.3,
"vendor": "sony",
"version": null
},
{
"model": "xav-ax8500",
"scope": "gte",
"trust": 1.0,
"vendor": "sony",
"version": "2.00.1"
},
{
"model": "xav-ax8500",
"scope": "lt",
"trust": 1.0,
"vendor": "sony",
"version": "3.02.00"
},
{
"model": "xav-ax8500",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30bd\u30cb\u30fc\u682a\u5f0f\u4f1a\u793e",
"version": "xav-ax8500 firmware 2.00.1 that\u0027s all 3.02.00"
},
{
"model": "xav-ax8500",
"scope": null,
"trust": 0.8,
"vendor": "\u30bd\u30cb\u30fc\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "xav-ax8500",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30bd\u30cb\u30fc\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-358"
},
{
"db": "CNVD",
"id": "CNVD-2025-14806"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008303"
},
{
"db": "NVD",
"id": "CVE-2025-5820"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mikhail Evdokimov (@konatabrk) from PCAutomotive",
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-358"
}
],
"trust": 0.7
},
"cve": "CVE-2025-5820",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-14806",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "zdi-disclosures@trendmicro.com",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2025-5820",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2025-5820",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2025-5820",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2025-5820",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "zdi-disclosures@trendmicro.com",
"id": "CVE-2025-5820",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-5820",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2025-5820",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2025-5820",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2025-14806",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-358"
},
{
"db": "CNVD",
"id": "CNVD-2025-14806"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008303"
},
{
"db": "NVD",
"id": "CVE-2025-5820"
},
{
"db": "NVD",
"id": "CVE-2025-5820"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the implementation of Bluetooth ERTM channel communication. The issue results from improper channel data initialization. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26285. Sony Corporation\u0027s XAV-AX8500 The firmware contains an authentication bypass vulnerability using alternate paths or channels.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SONY XAV-AX8500 is a car AV receiver with enhanced functions",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-5820"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008303"
},
{
"db": "ZDI",
"id": "ZDI-25-358"
},
{
"db": "CNVD",
"id": "CNVD-2025-14806"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-5820",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-25-358",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008303",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-26285",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-14806",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-358"
},
{
"db": "CNVD",
"id": "CNVD-2025-14806"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008303"
},
{
"db": "NVD",
"id": "CVE-2025-5820"
}
]
},
"id": "VAR-202506-0597",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-14806"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-14806"
}
]
},
"last_update_date": "2025-07-12T19:35:18.972000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Sony has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092"
},
{
"title": "Patch for SONY XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/703861"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-358"
},
{
"db": "CNVD",
"id": "CNVD-2025-14806"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-288",
"trust": 1.0
},
{
"problemtype": "Authentication Bypass Using Alternate Paths or Channels (CWE-288) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-008303"
},
{
"db": "NVD",
"id": "CVE-2025-5820"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092"
},
{
"trust": 2.4,
"url": "https://www.zerodayinitiative.com/advisories/zdi-25-358/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-5820"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-358"
},
{
"db": "CNVD",
"id": "CNVD-2025-14806"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008303"
},
{
"db": "NVD",
"id": "CVE-2025-5820"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-25-358"
},
{
"db": "CNVD",
"id": "CNVD-2025-14806"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008303"
},
{
"db": "NVD",
"id": "CVE-2025-5820"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-11T00:00:00",
"db": "ZDI",
"id": "ZDI-25-358"
},
{
"date": "2025-07-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-14806"
},
{
"date": "2025-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-008303"
},
{
"date": "2025-06-21T01:15:28.723000",
"db": "NVD",
"id": "CVE-2025-5820"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-06-11T00:00:00",
"db": "ZDI",
"id": "ZDI-25-358"
},
{
"date": "2025-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-14806"
},
{
"date": "2025-07-09T08:33:00",
"db": "JVNDB",
"id": "JVNDB-2025-008303"
},
{
"date": "2025-07-08T14:28:29.520000",
"db": "NVD",
"id": "CVE-2025-5820"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sony Corporation\u0027s \u00a0XAV-AX8500\u00a0 Firmware vulnerability regarding authentication bypass using alternative paths or channels",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-008303"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…