{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T11:54:12.458","vulnerabilities":[{"cve":{"id":"CVE-2025-5820","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2025-06-21T01:15:28.723","lastModified":"2025-07-08T14:28:29.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of Bluetooth ERTM channel communication. The issue results from improper channel data initialization. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26285."},{"lang":"es","value":"Vulnerabilidad de omisión de autenticación del canal Bluetooth ERTM en Sony XAV-AX8500. Esta vulnerabilidad permite a atacantes adyacentes a la red omitir la autenticación en los dispositivos Sony XAV-AX8500 afectados. No se requiere autenticación para explotar esta vulnerabilidad. La falla específica se encuentra en la implementación de la comunicación del canal Bluetooth ERTM. El problema se debe a la inicialización incorrecta de los datos del canal. Un atacante puede aprovechar esta vulnerabilidad para omitir la autenticación en el sistema. Anteriormente, se denominó ZDI-CAN-26285. "}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sony:xav-ax8500_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"2.00.1","versionEndExcluding":"3.02.00","matchCriteriaId":"8B069E46-3A2A-4248-9EA3-4E2AA4C96C97"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sony:xav-ax8500:-:*:*:*:*:*:*:*","matchCriteriaId":"02EDC3EE-9691-4D04-AE74-5E7D269B3232"}]}]}],"references":[{"url":"https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092","source":"zdi-disclosures@trendmicro.com","tags":["Patch"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-25-358/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]}]}}]}