Sign-up

ID

VAR-202506-0597


CVE

CVE-2025-5820


TITLE

Sony Corporation's  XAV-AX8500  Firmware vulnerability regarding authentication bypass using alternative paths or channels

Trust: 0.8

sources: JVNDB: JVNDB-2025-008303

DESCRIPTION

Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of Bluetooth ERTM channel communication. The issue results from improper channel data initialization. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26285. Sony Corporation's XAV-AX8500 The firmware contains an authentication bypass vulnerability using alternate paths or channels.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SONY XAV-AX8500 is a car AV receiver with enhanced functions

Trust: 2.79

sources: NVD: CVE-2025-5820 // JVNDB: JVNDB-2025-008303 // ZDI: ZDI-25-358 // CNVD: CNVD-2025-14806

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-14806

AFFECTED PRODUCTS

vendor:sonymodel:xav-ax8500scope: - version: -

Trust: 1.3

vendor:sonymodel:xav-ax8500scope:gteversion:2.00.1

Trust: 1.0

vendor:sonymodel:xav-ax8500scope:ltversion:3.02.00

Trust: 1.0

vendor:ソニー株式会社model:xav-ax8500scope:eqversion:xav-ax8500 firmware 2.00.1 that's all 3.02.00

Trust: 0.8

vendor:ソニー株式会社model:xav-ax8500scope: - version: -

Trust: 0.8

vendor:ソニー株式会社model:xav-ax8500scope:eqversion: -

Trust: 0.8

sources: ZDI: ZDI-25-358 // CNVD: CNVD-2025-14806 // JVNDB: JVNDB-2025-008303 // NVD: CVE-2025-5820

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2025-5820
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-5820
value: HIGH

Trust: 1.0

NVD: CVE-2025-5820
value: HIGH

Trust: 0.8

ZDI: CVE-2025-5820
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2025-14806
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-14806
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2025-5820
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.0

Trust: 1.0

nvd@nist.gov: CVE-2025-5820
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2025-5820
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2025-5820
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-25-358 // CNVD: CNVD-2025-14806 // JVNDB: JVNDB-2025-008303 // NVD: CVE-2025-5820 // NVD: CVE-2025-5820

PROBLEMTYPE DATA

problemtype:CWE-288

Trust: 1.0

problemtype:Authentication Bypass Using Alternate Paths or Channels (CWE-288) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-008303 // NVD: CVE-2025-5820

PATCH

title:Sony has issued an update to correct this vulnerability.url:https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092

Trust: 0.7

title:Patch for SONY XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/703861

Trust: 0.6

sources: ZDI: ZDI-25-358 // CNVD: CNVD-2025-14806

EXTERNAL IDS

db:NVDid:CVE-2025-5820

Trust: 3.9

db:ZDIid:ZDI-25-358

Trust: 3.1

db:JVNDBid:JVNDB-2025-008303

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-26285

Trust: 0.7

db:CNVDid:CNVD-2025-14806

Trust: 0.6

sources: ZDI: ZDI-25-358 // CNVD: CNVD-2025-14806 // JVNDB: JVNDB-2025-008303 // NVD: CVE-2025-5820

REFERENCES

url:https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092

Trust: 2.5

url:https://www.zerodayinitiative.com/advisories/zdi-25-358/

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2025-5820

Trust: 0.8

sources: ZDI: ZDI-25-358 // CNVD: CNVD-2025-14806 // JVNDB: JVNDB-2025-008303 // NVD: CVE-2025-5820

CREDITS

Mikhail Evdokimov (@konatabrk) from PCAutomotive

Trust: 0.7

sources: ZDI: ZDI-25-358

SOURCES

db:ZDIid:ZDI-25-358
db:CNVDid:CNVD-2025-14806
db:JVNDBid:JVNDB-2025-008303
db:NVDid:CVE-2025-5820

LAST UPDATE DATE

2025-07-12T19:35:18.972000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-25-358date:2025-06-11T00:00:00
db:CNVDid:CNVD-2025-14806date:2025-07-02T00:00:00
db:JVNDBid:JVNDB-2025-008303date:2025-07-09T08:33:00
db:NVDid:CVE-2025-5820date:2025-07-08T14:28:29.520

SOURCES RELEASE DATE

db:ZDIid:ZDI-25-358date:2025-06-11T00:00:00
db:CNVDid:CNVD-2025-14806date:2025-07-01T00:00:00
db:JVNDBid:JVNDB-2025-008303date:2025-07-09T00:00:00
db:NVDid:CVE-2025-5820date:2025-06-21T01:15:28.723