Sign-up

ID

VAR-202506-0598


CVE

CVE-2025-5477


TITLE

Sony Corporation's  XAV-AX8500  Heap-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-008397

DESCRIPTION

Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the Bluetooth L2CAP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the elysian-bt-service process. Was ZDI-CAN-26286. (DoS) It may be in a state. SONY XAV-AX8500 is a car AV receiver with enhanced functions

Trust: 2.79

sources: NVD: CVE-2025-5477 // JVNDB: JVNDB-2025-008397 // ZDI: ZDI-25-354 // CNVD: CNVD-2025-14802

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-14802

AFFECTED PRODUCTS

vendor:sonymodel:xav-ax8500scope: - version: -

Trust: 1.3

vendor:sonymodel:xav-ax8500scope:ltversion:3.02.00

Trust: 1.0

vendor:sonymodel:xav-ax8500scope:gteversion:2.00.01

Trust: 1.0

vendor:ソニー株式会社model:xav-ax8500scope:eqversion:xav-ax8500 firmware 2.00.01 that's all 3.02.00

Trust: 0.8

vendor:ソニー株式会社model:xav-ax8500scope:eqversion: -

Trust: 0.8

vendor:ソニー株式会社model:xav-ax8500scope: - version: -

Trust: 0.8

sources: ZDI: ZDI-25-354 // CNVD: CNVD-2025-14802 // JVNDB: JVNDB-2025-008397 // NVD: CVE-2025-5477

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2025-5477
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-5477
value: HIGH

Trust: 1.0

NVD: CVE-2025-5477
value: HIGH

Trust: 0.8

ZDI: CVE-2025-5477
value: HIGH

Trust: 0.7

CNVD: CNVD-2025-14802
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-14802
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2025-5477
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2025-5477
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2025-5477
baseSeverity: HIGH
baseScore: 7.5
vectorString: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-25-354 // CNVD: CNVD-2025-14802 // JVNDB: JVNDB-2025-008397 // NVD: CVE-2025-5477 // NVD: CVE-2025-5477

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.0

problemtype:Heap-based buffer overflow (CWE-122) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-008397 // NVD: CVE-2025-5477

PATCH

title:Sony has issued an update to correct this vulnerability.url:https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092

Trust: 0.7

title:Patch for SONY XAV-AX8500 Heap Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/703821

Trust: 0.6

sources: ZDI: ZDI-25-354 // CNVD: CNVD-2025-14802

EXTERNAL IDS

db:NVDid:CVE-2025-5477

Trust: 3.9

db:ZDIid:ZDI-25-354

Trust: 3.1

db:JVNDBid:JVNDB-2025-008397

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-26286

Trust: 0.7

db:CNVDid:CNVD-2025-14802

Trust: 0.6

sources: ZDI: ZDI-25-354 // CNVD: CNVD-2025-14802 // JVNDB: JVNDB-2025-008397 // NVD: CVE-2025-5477

REFERENCES

url:https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092

Trust: 2.5

url:https://www.zerodayinitiative.com/advisories/zdi-25-354/

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2025-5477

Trust: 0.8

sources: ZDI: ZDI-25-354 // CNVD: CNVD-2025-14802 // JVNDB: JVNDB-2025-008397 // NVD: CVE-2025-5477

CREDITS

Mikhail Evdokimov (@konatabrk) from PCAutomotive

Trust: 0.7

sources: ZDI: ZDI-25-354

SOURCES

db:ZDIid:ZDI-25-354
db:CNVDid:CNVD-2025-14802
db:JVNDBid:JVNDB-2025-008397
db:NVDid:CVE-2025-5477

LAST UPDATE DATE

2025-07-12T23:24:15.864000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-25-354date:2025-06-11T00:00:00
db:CNVDid:CNVD-2025-14802date:2025-07-02T00:00:00
db:JVNDBid:JVNDB-2025-008397date:2025-07-10T07:29:00
db:NVDid:CVE-2025-5477date:2025-07-08T14:29:50.553

SOURCES RELEASE DATE

db:ZDIid:ZDI-25-354date:2025-06-11T00:00:00
db:CNVDid:CNVD-2025-14802date:2025-06-30T00:00:00
db:JVNDBid:JVNDB-2025-008397date:2025-07-10T00:00:00
db:NVDid:CVE-2025-5477date:2025-06-21T01:15:28.330