Vulnerabilities affecting a Bluetooth chipset present in more than two dozen audio devices from ten vendors can be exploited for eavesdropping or stealing sensitive information.
Researchers confirmed that 29 devices from Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel are affected.
The list of impacted products includes speakers, earbuds, headphones, and wireless microphones.
The security problems could be leveraged to take over a vulnerable product, and on some phones an attacker within connection range may be able to extract call history and contacts.
Snooping over a Bluetooth connection
At the TROOPERS security conference in Germany, researchers at cybersecurity company ERNW disclosed three vulnerabilities in the Airoha systems on a chip (SoCs), which are widely used in True Wireless Stereo (TWS) earbuds.
The issues are not critical and, besides close physical proximity (Bluetooth range), their exploitation also requires “a high technical skill set.” They received the following identifiers:
CVE-2025-20700 (6.7, medium severity score) - missing authentication for GATT services
CVE-2025-20701 (6.7, medium severity score) - missing authentication for Bluetooth BR/EDR
CVE-2025-20702 (7.5, high severity score) - critical capabilities of a custom protocol