CVE-2022-25837

HIGH

Bluetooth Core Specification <5.3 - Unauthenticated MITM

Title source: llm

Description

Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion.

References (1)

[Vendor Advisory] https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/

Scores

CVSS v3 7.5

EPSS 0.0019

EPSS Percentile 40.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Classification

CWE

CWE-294

Status published

Affected Products (1)

bluetooth/bluetooth_core_specification < 5.3

Timeline

Published Dec 12, 2022

Tracked Since Feb 18, 2026