CVE-2025-20702HIGH 8.8EPSS p89.1%

CVE-2025-20702CVE-2025-20702

Description

In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS3.96% probability of exploitation · percentile 89.1% · 2026-06-21T12:00:28Z
Published2025-08-04
Last modified2026-04-15

Underlying weaknesses· 1

CWE-306

References

  1. https://www.airoha.com/product-security-bulletin/2025

1

TypeTargetConfidenceTier
WeaknessMissing Authentication for Critical Functioncwe-3060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-20700
CVE
CVE-2025-20701
CVE
CVE-2025-20680
CVE
CVE-2026-0095
CVE
CVE-2025-0084
CVE
CVE-2025-20672
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.