CVE-2025-20702

CVSS v3.1

8.8

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Airoha Bluetooth audio SDK (affected versions not specified)

Description The Airoha Bluetooth audio SDK contains a flaw involving unauthorized access to the RACE protocol. This access could allow for remote escalation of privilege without requiring additional execution privileges, and does not require user interaction for exploitation. Reports indicate that devices utilizing Airoha chips may be susceptible to unauthorized access and eavesdropping due to a lack of authentication.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BDU:2026-01013

CVE-2025-20702

Affected Products

Airoha Chips

Jabra

CVE-2025-20702

Weakness Enumeration

Related Identifiers

Affected Products

References · 35