CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5477 – Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-5477
11 Jun 2025 — Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the Bluetooth L2CAP protocol. The issue results from the lack of proper validation of the lengt... • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5479 – Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-5479
11 Jun 2025 — Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the Bluetooth AVCTP protocol. The issue results from the lack of proper valida... • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5475 – Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-5475
11 Jun 2025 — Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Bluetooth packets. The issue results from the lack of proper validation of user-supplied data, which can resul... • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5476 – Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-5476
11 Jun 2025 — Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092 • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5478 – Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-5478
11 Jun 2025 — Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Bluetooth SDP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer... • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5820 – Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-5820
11 Jun 2025 — Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of Bluetooth ERTM channel communication. The issue results from improper channel data initialization. • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •