CVE-2025-5820HIGH 8.8EPSS p22.1%

CVE-2025-5820CVE-2025-5820

Description

Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of Bluetooth ERTM channel communication. The issue results from improper channel data initialization. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26285.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.31% probability of exploitation · percentile 22.1% · 2026-06-19T12:03:05Z
Published2025-06-21
Last modified2025-07-08

Underlying weaknesses· 1

CWE-288

References

  1. https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092
  2. https://www.zerodayinitiative.com/advisories/ZDI-25-358/

1

TypeTargetConfidenceTier
WeaknessAuthentication Bypass Using an Alternate Path or Channelcwe-2880%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-5476
CVE
CVE-2025-5478
CVE
CVE-2025-40837
CVE
CVE-2025-5124
CVE
CVE-2025-20700
CVE
CVE-2025-65856
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.