Critical Bluetooth security vulnerability: Millions of headphones potentially vulnerable to eavesdropping

1. Who is affected?

Airoha system-on-chips (SoCs), used in numerous Bluetooth headphones, earbuds, speakers, dongles, and microphones, have critical vulnerabilities. Attacks are possible via both Bluetooth Low Energy and classic Bluetooth BR/EDR.

2. What is the vulnerability?

A proprietary protocol allows access to RAM and flash memory without requiring any authentication via pairing. Three CVEs document the problems, but these have not yet been published (May 26, 2025).

3. Affected brands and models

Both lower-priced and premium models are affected. Confirmed devices include:

  • Beyerdynamic Amiron 300
  • Bose QuietComfort Earbuds
  • Jabra Elite 8 Active
  • JBL Endurance Race 2 & Live Buds 3
  • Marshall ACTON III, MAJOR V and others
  • Sony WH‑1000XM series, Link Buds S/XB910N, among others
  • Teufel Tatws

The complete list of devices confirmed to be affected can be found in the articles listed under Sources.

4. Attack scenarios

  • Eavesdropping: Bluetooth HFP allows the microphone to be activated independently of the user.
  • Trust hijacking: An attacker can read link keys, impersonate the headphones, and cause the paired cell phone to make a call or hand over contact data.
  • Worm attack: Manipulated firmware could spread on its own.

5. How realistic are attacks?

Real attacks are technically complex and require close proximity (< 10 m). High-profile targets (journalists, politicians, etc.) are particularly at risk. End users are currently rarely targeted.

6. Availability of patches

Airoha delivered SDK updates to manufacturers at the beginning of June 2025. However, no specific firmware updates have been released to date (as of the end of June). Manufacturers must now actively follow suit.

7. Recommendations for users and manufacturers

  • Users: Unpair Bluetooth devices and headphones, install firmware updates regularly, or disable Bluetooth completely.
  • Manufacturers: Check which products are affected, roll out official updates promptly, and communicate transparently throughout the supply chain.

Sources: https://www.heise.de/news/Zero-Day-Bluetooth-Luecke-macht-Millionen-Kopfhoerer-zu-Abhoerstationen-10457857.html, https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/