CVE-2025-69969

CRITICAL

9.6

Description

A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services.

Details CVE

Score CVSS v3.19.6

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vecteur d'attaqueADJACENT_NETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie3/4/2026

Derniere modification3/9/2026

Sourcenvd

Observations honeypot0

Produits affectes

pebblepower:pebble_prism_ultrapebblepower:pebble_prism_ultra_firmware

Faiblesses (CWE)

CWE-311CWE-319

References

https://github.com/mukundbhuva/BLEached-Security(cve@mitre.org)

https://github.com/mukundbhuva/BLEached-Security/security/advisories/GHSA-cp6q-87g8-mq77(cve@mitre.org)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.