Search criteria
2 vulnerabilities found for AB156x, AB157x, AB158x, AB159x series by Airoha Technology Corp.
CVE-2025-20701 (GCVE-0-2025-20701)
Vulnerability from cvelistv5 – Published: 2025-08-04 06:20 – Updated: 2025-08-05 03:56
VLAI?
Summary
In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity ?
8.8 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Airoha Technology Corp. | AB156x, AB157x, AB158x, AB159x series |
Affected:
Airoha IoT SDK for BT audio v5.5.0 and earlier
Affected: Airoha AB1561x/AB1562x/AB1563x SDK v3.3.1 and earlier |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T03:56:10.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AB156x, AB157x, AB158x, AB159x series",
"vendor": "Airoha Technology Corp.",
"versions": [
{
"status": "affected",
"version": "Airoha IoT SDK for BT audio v5.5.0 and earlier"
},
{
"status": "affected",
"version": "Airoha AB1561x/AB1562x/AB1563x SDK v3.3.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T06:20:32.057Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://www.airoha.com/product-security-bulletin/2025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20701",
"datePublished": "2025-08-04T06:20:32.057Z",
"dateReserved": "2024-11-01T01:21:50.382Z",
"dateUpdated": "2025-08-05T03:56:10.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20701 (GCVE-0-2025-20701)
Vulnerability from nvd – Published: 2025-08-04 06:20 – Updated: 2025-08-05 03:56
VLAI?
Summary
In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity ?
8.8 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Airoha Technology Corp. | AB156x, AB157x, AB158x, AB159x series |
Affected:
Airoha IoT SDK for BT audio v5.5.0 and earlier
Affected: Airoha AB1561x/AB1562x/AB1563x SDK v3.3.1 and earlier |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T03:56:10.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AB156x, AB157x, AB158x, AB159x series",
"vendor": "Airoha Technology Corp.",
"versions": [
{
"status": "affected",
"version": "Airoha IoT SDK for BT audio v5.5.0 and earlier"
},
{
"status": "affected",
"version": "Airoha AB1561x/AB1562x/AB1563x SDK v3.3.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T06:20:32.057Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://www.airoha.com/product-security-bulletin/2025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20701",
"datePublished": "2025-08-04T06:20:32.057Z",
"dateReserved": "2024-11-01T01:21:50.382Z",
"dateUpdated": "2025-08-05T03:56:10.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}