Konatabrk

Researcher fromPCAutomotive
#6564of 53,632
41.4Total CVSS
Vulnerabilities · 5
High
5
PT-2025-25255
8.8
2025-06-11
Sony · Sony Xav-Ax8500 · CVE-2025-5476
**Name of the Vulnerable Software and Affected Versions** Sony XAV-AX8500 (affected versions not specified) **Description** The issue concerns an improper isolation authentication bypass vulnerability in the Bluetooth functionality. It was discovered by Mikhail Evdokimov from PCAutomotive. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-25256
7.5
2025-06-11
Sony · Sony Xav-Ax8500 · CVE-2025-5477
**Name of the Vulnerable Software and Affected Versions** Sony XAV-AX8500 (affected versions not specified) **Description** The issue is related to a heap-based buffer overflow in the Bluetooth L2CAP protocol, which can lead to remote code execution. This was demonstrated at Pwn2Own. The estimated number of potentially affected devices worldwide is not provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-25257
8.8
2025-06-11
Sony · Sony Xav-Ax8500 · CVE-2025-5478
**Name of the Vulnerable Software and Affected Versions** Sony XAV-AX8500 (affected versions not specified) **Description** The issue is related to an integer overflow in the Bluetooth SDP protocol, which can lead to remote code execution. This was demonstrated at Pwn2Own. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-25258
7.5
2025-06-11
Sony · Sony Xav-Ax8500 · CVE-2025-5479
**Name of the Vulnerable Software and Affected Versions** Sony XAV-AX8500 (affected versions not specified) **Description** The issue is related to a heap-based buffer overflow in the Bluetooth AVCTP protocol, which can lead to remote code execution. This was demonstrated at Pwn2Own. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-25259
8.8
2025-06-11
Sony · Sony Xav-Ax8500 · CVE-2025-5820
**Name of the Vulnerable Software and Affected Versions** Sony XAV-AX8500 (affected versions not specified) **Description** The issue concerns a Bluetooth ERTM Channel Authentication Bypass. It was discovered by Mikhail Evdokimov from PCAutomotive. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.