CVE-2025-56019

MEDIUM

Agasta Easytouch+ 9.3.97 - Privilege Escalation

Title source: llm

Description

An insecure permission vulnerability exists in the Agasta Easytouch+ version 9.3.97 The device allows unauthorized mobile applications to connect via Bluetooth Low Energy (BLE) without authentication. Once an unauthorized connection is established, legitimate applications are unable to connect, causing a denial of service. The attack requires proximity to the device, making it exploitable from an adjacent network location.

Exploits (1)

nomisec WRITEUP

by Yashodhanvivek · poc

https://github.com/Yashodhanvivek/Agatsa-EasyTouch-Plus---CVE-2025-56019

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://github.com/Yashodhanvivek/Agatsa-EasyTouch-Plus---CVE-2025-56019/blob/main/input.md

Scores

CVSS v3 6.5

EPSS 0.0007

EPSS Percentile 21.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-277

Status published

Affected Products (1)

agasta/easy_touch_plus_firmware

Timeline

Published Oct 02, 2025

Tracked Since Feb 18, 2026