CVE-2024-45434
Published 2025-09-12
Priority: P268, critical, 9.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.93% (92.3th percentile)
OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of validating the existence of an object before performing operations on the object (aka use after free). An attacker can leverage this to achieve remote code execution in the context of a user account under which the Bluetooth process runs.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opensynergy | blue_sdk | <= 6.0.1 | — |
Detection & IOCs (extracted from sources)
- CVE-2024-45434 is a use-after-free in the AVRCP (Audio/Video Remote Control Profile) service of the BlueSDK Bluetooth stack; focus monitoring on the AVRCP service handler for anomalous object lifecycle operations.
- The PerfektBlue exploit chain (CVE-2024-45431 through CVE-2024-45434) can be delivered over-the-air and requires at most 1-click from a user (Bluetooth pairing approval); monitor for unexpected Bluetooth pairing requests combined with AVRCP service crashes or memory corruption indicators.
- Successful exploitation results in a reverse shell obtained over TCP/IP on the in-vehicle infotainment (IVI) system; monitor for unexpected outbound TCP shell sessions originating from IVI/infotainment processes.
- Post-exploitation activity includes privilege escalation and lateral movement to other vehicle components; monitor for anomalous inter-process or inter-ECU communication originating from the infotainment system after a Bluetooth pairing event.
- Affected platforms confirmed for PerfektBlue include Volkswagen ID.4 (ICAS3 system), Mercedes-Benz (NTG6), and Skoda Superb (MIB3); prioritize detection and patching on these specific infotainment head unit platforms.
- Some automakers configure infotainment systems to pair without user confirmation, enabling a fully remote (0-click) attack path; audit Bluetooth pairing configuration on BlueSDK-based devices for auto-accept pairing settings.
- The exploit requires the attacker to be within Bluetooth range (5–7 meters) of the target vehicle; remote internet-based exploitation is not possible without physical proximity.
- For Volkswagen, exploitation additionally requires the ignition to be on, the infotainment system to be in active pairing mode, and the user to approve the pairing on-screen, reducing opportunistic attack surface significantly.
- Full technical exploitation details have not been publicly released; PCA Cyber Security plans to disclose complete technical details in November 2025 at a conference talk.
- OpenSynergy released patches to customers in September 2024, but many automakers had not yet pushed corrective firmware updates at time of disclosure; patch availability does not equal deployment.
- The vulnerability was found by analyzing a compiled binary without source code access, meaning the full attack surface of BlueSDK across all vendor customizations may not be fully characterized.
No detection rules found.
No public exploits indexed.
Checkpoint
14th July – Threat Intelligence Report
blogs_checkpoint·2025-07-14
CVE-2025-49719 14th July – Threat Intelligence Report
## 14th July – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 14th July, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
McDonald’s has suffered a data breach that resulted in the exposure of chat transcripts, session tokens, and personal data from more than 64 million job applications submitted through its AI powered McHire chatbot platform. Data leaked included applicants’ names, email addresses, phone numbers, home addresses, availability, and
Bleepingcomputer
PerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda cars
blogs_bleepingcomputer·2025-07-10·CVSS 5.3
[MEDIUM] PerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda cars
## PerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda cars
## Bill Toulas
Four vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements in vehicles from multiple vendors, including Mercedes-Benz AG, Volkswagen, and Skoda.
OpenSynergy confirmed the flaws last year in June and released patches to customers in September 2024 but many automakers have yet to push the corrective firmware updates. At least one major OEM learned only recently about the security risks.
The security issues can be chained together into an exploit that researchers call a PerfektBlue attack and can be delivered over-the-air by an attacker, requiring "at most 1-click fr