Common Weakness Enumeration
CWE-207
AllowedObservable Behavioral Discrepancy With Equivalent Products
Abstraction: Variant · Status: Draft
The product operates in an environment in which its existence or specific identity should not be known, but it behaves differently than other products with equivalent functionality, in a way that is observable to an attacker.
2 vulnerabilities reference this CWE, most recent first.
CVE-2025-41657 (GCVE-0-2025-41657)
Vulnerability from cvelistv5 – Published: 2025-06-10 10:46 – Updated: 2025-06-10 14:25
VLAI
EPSS
VEX
Title
AUMA: Incorrect delivery status of the Bluetooth configuration
Summary
Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-207 - Observable Behavioral Discrepancy With Equivalent Products
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T14:25:31.913039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T14:25:52.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AC1.2",
"vendor": "Auma",
"versions": [
{
"lessThan": "09.05.2025",
"status": "affected",
"version": "01.01.2024",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PROFOX",
"vendor": "Auma",
"versions": [
{
"lessThan": "09.05.2025",
"status": "affected",
"version": "01.01.2024",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker."
}
],
"value": "Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-207",
"description": "CWE-207 Observable Behavioral Discrepancy With Equivalent Products",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T10:46:30.034Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-047"
}
],
"source": {
"advisory": "VDE-2025-047",
"defect": [
"CERT@VDE#641788"
],
"discovery": "UNKNOWN"
},
"title": "AUMA: Incorrect delivery status of the Bluetooth configuration",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41657",
"datePublished": "2025-06-10T10:46:30.034Z",
"dateReserved": "2025-04-16T11:17:48.306Z",
"dateUpdated": "2025-06-10T14:25:52.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-W6H2-P5Q3-P762
Vulnerability from github – Published: 2025-06-10 12:30 – Updated: 2025-06-10 12:30
VLAI
Details
Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker.
Severity
4.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2025-41657"
],
"database_specific": {
"cwe_ids": [
"CWE-207"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-10T11:15:53Z",
"severity": "MODERATE"
},
"details": "Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker.",
"id": "GHSA-w6h2-p5q3-p762",
"modified": "2025-06-10T12:30:18Z",
"published": "2025-06-10T12:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41657"
},
{
"type": "WEB",
"url": "https://certvde.com/en/advisories/VDE-2025-047"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.