CVE-2025-69969

{"id": "CVE-2025-69969", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}]}, "published": "2026-03-04T17:16:17.847", "references": [{"url": "https://github.com/mukundbhuva/BLEached-Security", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/mukundbhuva/BLEached-Security/security/advisories/GHSA-cp6q-87g8-mq77", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-311"}, {"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services."}, {"lang": "es", "value": "Una falta de mecanismos de autenticaci\u00f3n y autorizaci\u00f3n en el protocolo de comunicaci\u00f3n Bluetooth Low Energy (BLE) de SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 permite a los atacantes realizar ingenier\u00eda inversa del protocolo y ejecutar comandos arbitrarios en el dispositivo sin establecer una conexi\u00f3n. Esto es explotable a trav\u00e9s de la proximidad Bluetooth Low Energy (BLE) (Adyacente), sin requerir contacto f\u00edsico con el dispositivo. Adem\u00e1s, la vulnerabilidad no se limita a comandos arbitrarios, sino que incluye la interceptaci\u00f3n de datos en texto claro y el secuestro de firmware no autenticado a trav\u00e9s de servicios OTA."}], "lastModified": "2026-03-09T17:26:47.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:pebblepower:pebble_prism_ultra_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95969418-0F7C-469B-B438-891AA89A9C57", "versionEndExcluding": "2.5.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:pebblepower:pebble_prism_ultra:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6C0C5761-7D12-41A4-B1B5-2A54D708D86E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}