CVE-2025-20701HIGH 8.8EPSS p87.3%

CVE-2025-20701CVE-2025-20701

Description

In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS3.40% probability of exploitation · percentile 87.3% · 2026-06-19T12:03:05Z
Published2025-08-04
Last modified2026-04-15

Underlying weaknesses· 1

CWE-863

References

  1. https://www.airoha.com/product-security-bulletin/2025

1

TypeTargetConfidenceTier
WeaknessIncorrect Authorizationcwe-8630%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-20700
CVE
CVE-2025-20702
CVE
CVE-2026-0097
CVE
CVE-2025-0084
CVE
CVE-2025-20680
CVE
CVE-2026-41976
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.