CVE-2025-32876

Name of the Vulnerable Software and Affected Versions: COROS PACE 3 devices versions through 3.0808.0

Description: An issue was discovered in the BLE implementation of the COROS smartwatch, which does not support LE Secure Connections and instead enforces BLE Legacy Pairing. In this pairing method, the Short-Term Key (STK) can be easily guessed, requiring knowledge of the Temporary Key (TK), which is set to 0 due to the Just Works pairing method. This allows an attacker within Bluetooth range to perform sniffing attacks, enabling eavesdropping on the communication.

Recommendations: For COROS PACE 3 devices versions through 3.0808.0, consider disabling Bluetooth functionality until a patch is available to mitigate the risk of sniffing attacks. Restrict access to sensitive information on the device to minimize the risk of eavesdropping. At the moment, there is no information about a newer version that contains a fix for this vulnerability.