CVE-2025-20700
Published 2025-08-04
Priority P2 · 60 · high · 8.8 CVSS 3.1
CVSS vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.18% (92.6th percentile)
In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access to critical data of the RACE protocol through the Bluetooth LE GATT service. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Detection & IOCs (extracted from sources)
- Detect Bluetooth Hands-Free Profile (HFP) command issuance from devices that have hijacked an established Bluetooth audio connection, particularly call initiation from unexpected sources.
- Investigate extraction of Bluetooth link keys from device memory, which enables hijacking of established trust relationships with paired phones.
- Flag Airoha SoC-based Bluetooth audio devices (e.g., Beats Studio Buds) running firmware older than version 1B211 as unpatched and at risk.
- CVE-2025-20700 is most dangerous when chained with CVE-2025-20701 and CVE-2025-20702; the full attack chain enables complete device takeover, RAM/flash read-write, link key extraction, and HFP command injection.
- The attack surface extends beyond Beats devices: Jabra also released patches for affected Airoha SoC-based devices, indicating broad vendor impact.
No detection rules found.
No public exploits indexed.
Hackernews
Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
blogs_hackernews·2026-06-19·CVSS 8.8
CVE-2025-20701 [HIGH] Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
## Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users.
The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization impacting the Airoha Bluetooth audio SDK that makes it possible to pair a Bluetooth audio device without user consent.
Successful exploitation of the flaw could lead to remote escalation of privilege without requiring any additional execution privileges or user interaction. The is
Bleepingcomputer
Apple fixes Beats Studio Buds flaw that let hackers spy on conversations
blogs_bleepingcomputer·2026-06-18·CVSS 8.8
CVE-2025-20701 [HIGH] Apple fixes Beats Studio Buds flaw that let hackers spy on conversations
## Apple fixes Beats Studio Buds flaw that let hackers spy on conversations
## Sergiu Gatlan
Apple patched the vulnerability in Beats Firmware Update 1B211, which will be automatically delivered to vulnerable headphones when they are paired and within Bluetooth range of the user's iPhone, iPad, or Mac.
You can check whether the firmware has been applied from the Bluetooth settings on your device by tapping the info button next to the headphones.
The security flaw (CVE-2025-20701) was discovered by Dennis Heinze and Frieder Steinmetz of ERNW GmbH in the Airoha system-on-a-chip (SoCs).
When they disclosed the vulnerability one year ago at the TROOPERS security conference in Germany, the ERNW security researchers said that it stems from a missing authentication weakness in the Bluetoot
Bleepingcomputer
Apple fixes zero-day flaw used in 'extremely sophisticated' attacks
blogs_bleepingcomputer·2026-02-11·CVSS 8.8
CVE-2025-14174 [HIGH] Apple fixes zero-day flaw used in 'extremely sophisticated' attacks
## Apple fixes zero-day flaw used in 'extremely sophisticated' attacks
## Lawrence Abrams
Apple says it is aware of reports that the flaw, along with the CVE-2025-14174 and CVE-2025-43529 flaws fixed in December, were exploited in the same incidents.
"An attacker with memory write capability may be able to execute arbitrary code," reads Apple's security bulletin.
"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report."
Apple says Google's Threat Analysis Group discovered CVE-2026-20700. The company did not provide any further details about how the vulnerability was exploited.
Checkpoint
5th January – Threat Intelligence Report
blogs_checkpoint·2026-01-05
CVE-2025-14346 5th January – Threat Intelligence Report
## 5th January – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 5th January, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Two US banks, Artisans’ Bank and VeraBank, disclosed that customer data was exposed in an August ransomware attack on their vendor, Marquis Software. The vendor was breached via SonicWall vulnerability, and while the banks’ own systems were not compromised, researchers estimate the incident may have affected in total up to