CVE-2025-20700

Name of the Vulnerable Software and Affected Versions Airoha Bluetooth audio SDK versions prior to August 4, 2025

Description The Airoha Bluetooth audio SDK contains a permission bypass that allows access to critical data of the RACE protocol through the Bluetooth LE GATT service. This can lead to remote escalation of privilege without requiring additional execution privileges or user interaction. Reports indicate that attackers within Bluetooth range can hijack connections, make calls, and eavesdrop through a device's microphone. The vulnerability affects 29 audio devices from brands including Bose, Sony, and Jabra. The issue has been actively exploited.

Recommendations Update the Airoha Bluetooth audio SDK to a version released after August 4, 2025.