Sign-up

ID

VAR-202506-0614


CVE

CVE-2025-5475


TITLE

Sony Corporation's  XAV-AX8500  Integer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-008398

DESCRIPTION

Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Bluetooth packets. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the elysian-bt-service process. Was ZDI-CAN-26283. (DoS) It may be in a state. SONY XAV-AX8500 is a car AV receiver with enhanced functions

Trust: 2.79

sources: NVD: CVE-2025-5475 // JVNDB: JVNDB-2025-008398 // ZDI: ZDI-25-353 // CNVD: CNVD-2025-14801

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-14801

AFFECTED PRODUCTS

vendor:sonymodel:xav-ax8500scope: - version: -

Trust: 1.3

vendor:sonymodel:xav-ax8500scope:ltversion:3.02.00

Trust: 1.0

vendor:sonymodel:xav-ax8500scope:gteversion:2.00.01

Trust: 1.0

vendor:ソニー株式会社model:xav-ax8500scope:eqversion:xav-ax8500 firmware 2.00.01 that's all 3.02.00

Trust: 0.8

vendor:ソニー株式会社model:xav-ax8500scope:eqversion: -

Trust: 0.8

vendor:ソニー株式会社model:xav-ax8500scope: - version: -

Trust: 0.8

sources: ZDI: ZDI-25-353 // CNVD: CNVD-2025-14801 // JVNDB: JVNDB-2025-008398 // NVD: CVE-2025-5475

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2025-5475
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-5475
value: HIGH

Trust: 1.0

NVD: CVE-2025-5475
value: HIGH

Trust: 0.8

ZDI: CVE-2025-5475
value: HIGH

Trust: 0.7

CNVD: CNVD-2025-14801
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-14801
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2025-5475
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2025-5475
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2025-5475
baseSeverity: HIGH
baseScore: 7.5
vectorString: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-25-353 // CNVD: CNVD-2025-14801 // JVNDB: JVNDB-2025-008398 // NVD: CVE-2025-5475 // NVD: CVE-2025-5475

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.0

problemtype:Integer overflow or wraparound (CWE-190) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-008398 // NVD: CVE-2025-5475

PATCH

title:Sony has issued an update to correct this vulnerability.url:https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092

Trust: 0.7

title:Patch for SONY XAV-AX8500 Integer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/703816

Trust: 0.6

sources: ZDI: ZDI-25-353 // CNVD: CNVD-2025-14801

EXTERNAL IDS

db:NVDid:CVE-2025-5475

Trust: 3.9

db:ZDIid:ZDI-25-353

Trust: 3.1

db:JVNDBid:JVNDB-2025-008398

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-26283

Trust: 0.7

db:CNVDid:CNVD-2025-14801

Trust: 0.6

sources: ZDI: ZDI-25-353 // CNVD: CNVD-2025-14801 // JVNDB: JVNDB-2025-008398 // NVD: CVE-2025-5475

REFERENCES

url:https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092

Trust: 2.5

url:https://www.zerodayinitiative.com/advisories/zdi-25-353/

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2025-5475

Trust: 0.8

sources: ZDI: ZDI-25-353 // CNVD: CNVD-2025-14801 // JVNDB: JVNDB-2025-008398 // NVD: CVE-2025-5475

CREDITS

@ExLuck99

Trust: 0.7

sources: ZDI: ZDI-25-353

SOURCES

db:ZDIid:ZDI-25-353
db:CNVDid:CNVD-2025-14801
db:JVNDBid:JVNDB-2025-008398
db:NVDid:CVE-2025-5475

LAST UPDATE DATE

2025-07-12T23:16:31.827000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-25-353date:2025-06-11T00:00:00
db:CNVDid:CNVD-2025-14801date:2025-07-02T00:00:00
db:JVNDBid:JVNDB-2025-008398date:2025-07-10T07:29:00
db:NVDid:CVE-2025-5475date:2025-07-08T14:30:38.823

SOURCES RELEASE DATE

db:ZDIid:ZDI-25-353date:2025-06-11T00:00:00
db:CNVDid:CNVD-2025-14801date:2025-06-30T00:00:00
db:JVNDBid:JVNDB-2025-008398date:2025-07-10T00:00:00
db:NVDid:CVE-2025-5475date:2025-06-21T01:15:28.037