PT-2022-17534 · Amazon · Amazon Echo Dot

Daniele Sgandurra +2 · Published 2022-02-23 · Updated 2023-08-08 · CVE-2022-25809

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions

Amazon Echo Dot devices, 3rd and 4th Generation

Description

The issue allows arbitrary voice command execution on affected devices. It can be exploited by a remote attacker using a malicious skill, or by a physically proximate attacker who pairs a malicious Bluetooth device. The attack is also known as "Alexa versus Alexa (AvA)".

Recommendations

For 3rd Generation Amazon Echo Dot devices, update the device to a version that includes a fix for this issue.

For 4th Generation Amazon Echo Dot devices, update the device to a version that includes a fix for this issue.

As a temporary workaround, consider disabling skills from untrusted sources and restricting Bluetooth pairing to minimize the risk of exploitation.

Exploit

Fix

Related Identifiers

CVE-2022-25809

Affected Products

Amazon Echo Dot