{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-01T13:34:36.523","vulnerabilities":[{"cve":{"id":"CVE-2025-69969","sourceIdentifier":"cve@mitre.org","published":"2026-03-04T17:16:17.847","lastModified":"2026-06-17T10:00:56.053","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services."},{"lang":"es","value":"Una falta de mecanismos de autenticación y autorización en el protocolo de comunicación Bluetooth Low Energy (BLE) de SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 permite a los atacantes realizar ingeniería inversa del protocolo y ejecutar comandos arbitrarios en el dispositivo sin establecer una conexión. Esto es explotable a través de la proximidad Bluetooth Low Energy (BLE) (Adyacente), sin requerir contacto físico con el dispositivo. Además, la vulnerabilidad no se limita a comandos arbitrarios, sino que incluye la interceptación de datos en texto claro y el secuestro de firmware no autenticado a través de servicios OTA."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-04T16:50:41.943585Z","id":"CVE-2025-69969","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-311"},{"lang":"en","value":"CWE-319"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:pebblepower:pebble_prism_ultra_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.8","matchCriteriaId":"95969418-0F7C-469B-B438-891AA89A9C57"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:pebblepower:pebble_prism_ultra:-:*:*:*:*:*:*:*","matchCriteriaId":"6C0C5761-7D12-41A4-B1B5-2A54D708D86E"}]}]}],"references":[{"url":"https://github.com/mukundbhuva/BLEached-Security","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/mukundbhuva/BLEached-Security/security/advisories/GHSA-cp6q-87g8-mq77","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]}]}}]}