CVE-2025-20702

CVSS v3.1

8.8

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Airoha Bluetooth audio SDK (affected versions not specified)

Description In the Airoha Bluetooth audio SDK, unauthorized access to the RACE protocol is possible. This could lead to remote escalation of privilege without requiring additional execution privileges, and does not require user interaction for exploitation. Reports indicate that devices utilizing Airoha chips may be affected, potentially allowing unauthorized access and eavesdropping.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2025-20702

Affected Products

Airoha Chips

Jabra

CVE-2025-20702

Weakness Enumeration

Related Identifiers

Affected Products

References · 21