Skip to content

Secure Cyber Vulnerability Management

  • Home
  • About Us
  • Our Services
  • Privacy Policy
  • Home
  • About Us
  • Our Services
  • Privacy Policy
12/06/2025
Zero-Day Initiative

ZDI-25-358: (Pwn2Own) Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability

by Deepanshu Jha
This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2025-5820.
  • Next ZDI-25-365: Trend Micro Apex One Security Agent ntrmv Uncontrolled Search Path Local Privilege Escalation Vulnerability
  • Previous ZDI-25-357: (Pwn2Own) Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability

Comments are closed.

You may also like

ZDI-25-390: Siemens TeleControl Server Basic UpdateDatabaseSettings SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens TeleControl Server Basic. Although authentication is...

17/06/2025
Zero-Day Initiative

ZDI-25-323: Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability...

04/06/2025
Zero-Day Initiative
Secure Cyber Vulnerability Management

Secure Cyber Vulnerability Management © 2025. All Rights Reserved.