CVE-2024-45431
Published 2025-09-12
Priority P3 (36) · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 4.42% (90.1th percentile)
OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper Input Validation. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper validation of remote L2CAP channel ID (CID). An attacker can leverage this to create an L2CAP channel with the null identifier assigned as a remote CID.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opensynergy | blue_sdk | <= 6.0.1 | — |
No detection rules found.
No public exploits indexed.
Checkpoint
14th July – Threat Intelligence Report
blogs_checkpoint·2025-07-14
CVE-2025-49719 14th July – Threat Intelligence Report
## 14th July – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 14th July, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
McDonald’s has suffered a data breach that resulted in the exposure of chat transcripts, session tokens, and personal data from more than 64 million job applications submitted through its AI powered McHire chatbot platform. Data leaked included applicants’ names, email addresses, phone numbers, home addresses, availability, and
Bleepingcomputer
PerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda cars
blogs_bleepingcomputer·2025-07-10·CVSS 5.3
[MEDIUM] PerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda cars
## PerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda cars
## Bill Toulas
Four vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements in vehicles from multiple vendors, including Mercedes-Benz AG, Volkswagen, and Skoda.
OpenSynergy confirmed the flaws last year in June and released patches to customers in September 2024 but many automakers have yet to push the corrective firmware updates. At least one major OEM learned only recently about the security risks.
The security issues can be chained together into an exploit that researchers call a PerfektBlue attack and can be delivered over-the-air by an attacker, requiring "at most 1-click fr