CVE-2025-5478

High CVSS: 8.8

Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the Bluetooth SDP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26288.

Vendor

Sony

Product

Xav-ax8500 Firmware

CWE

CWE-190

Yayın Tarihi

2025-06-21 01:15:28

Güncelleme

2025-07-08 14:29:23

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-190 Xav-ax8500 Firmware HIGH Sony 2025

Referanslar

https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092 https://www.zerodayinitiative.com/advisories/ZDI-25-355/

Benzer Kayıtlar

Medium

CVE-2020-36922

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers…

Medium

CVE-2020-36923

Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to by…

Medium

CVE-2020-36924

Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitra…

Critical

CVE-2020-36885

Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allo…

Medium

CVE-2025-64730

Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary s…

Low

CVE-2025-62497

Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a speciall…