FKIE_CVE-2025-32875

Vulnerability from fkie_nvd - Published: 2025-06-20 14:15 - Updated: 2025-06-23 20:16
Severity ?
5.7 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing attackers within Bluetooth range to eavesdrop on the communication. Furthermore, even if a user manually initiates pairing and bonding in the Android settings, the application continues to transmit data without requiring the watch to be bonded. This fallback behavior enables attackers to exploit the communication, for example, by conducting an active machine-in-the-middle attack.
References
cve@mitre.orghttps://support.coros.com/hc/en-us/categories/4416357319956-Software-Updates
cve@mitre.orghttps://syss.de
cve@mitre.orghttps://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-025.txt
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing attackers within Bluetooth range to eavesdrop on the communication. Furthermore, even if a user manually initiates pairing and bonding in the Android settings, the application continues to transmit data without requiring the watch to be bonded. This fallback behavior enables attackers to exploit the communication, for example, by conducting an active machine-in-the-middle attack."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la aplicaci\u00f3n COROS hasta la versi\u00f3n 3.8.12 para Android. El emparejamiento y la vinculaci\u00f3n Bluetooth no se inician ni se aplican por la propia aplicaci\u00f3n. Adem\u00e1s, el reloj no aplica el emparejamiento y la vinculaci\u00f3n. Como resultado, los datos transmitidos mediante BLE permanecen sin cifrar, lo que permite a los atacantes dentro del alcance de Bluetooth interceptar la comunicaci\u00f3n. Adem\u00e1s, incluso si un usuario inicia manualmente el emparejamiento y la vinculaci\u00f3n en la configuraci\u00f3n de Android, la aplicaci\u00f3n contin\u00faa transmitiendo datos sin necesidad de vincular el reloj. Este comportamiento de respaldo permite a los atacantes explotar la comunicaci\u00f3n, por ejemplo, mediante un ataque de m\u00e1quina en el medio (MAI)."
    }
  ],
  "id": "CVE-2025-32875",
  "lastModified": "2025-06-23T20:16:40.143",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-20T14:15:27.730",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://support.coros.com/hc/en-us/categories/4416357319956-Software-Updates"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://syss.de"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-025.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        },
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.