CVE-2025-32878 · CRITICAL 9.8 · EPSS percentile 26.3%

Description

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading firmware files, the watch requests some information about the firmware via HTTPS from the back-end API. However, the X.509 server certificate within the TLS handshake is not validated by the device. This allows an attacker within an active machine-in-the-middle position, using a TLS proxy and a self-signed certificate, to eavesdrop and manipulate the HTTPS communication. This could be abused, for example, for stealing the API access token of the assigned user account.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.35% probability of exploitation · percentile 26.3% · scored 2026-06-18T12:00:27Z
Published: 2025-06-20
Last modified: 2025-07-08

Underlying weaknesses (1)

CWE-295

References

  1. https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes
  2. https://syss.de
  3. https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-030.txt

Type      Target                                     Confidence  Tier
Weakness  Improper Certificate Validation (cwe-295)  0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-32880
  2. CVE-2025-32877
  3. CVE-2025-32879
  4. CVE-2025-48706
  5. CVE-2025-3200
  6. CVE-2025-3090

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.