What is CVE-2022-25836?

CVE-2022-25836 is a high-severity vulnerability in Bluetooth Bluetooth_core_specification, classified under Authentication Bypass by Capture-replay. CVSS score: 7.5/10. Published 2022-12-12.

How severe is CVE-2022-25836?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2022-25836 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Bluetooth Bluetooth_core_specification

CVE-2022-25836

Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the…

EPSS: 0.004 (27.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N.

Affected products

Bluetooth Bluetooth_core_specification
N/a — versions n/a

Weakness classification (CWE)

CWE-294 — Authentication Bypass by Capture-replay

Public proof-of-concept exploits

References

cve@mitre.org (Vendor Advisory)

Frequently asked questions

What is CVE-2022-25836?: CVE-2022-25836 is a high-severity vulnerability in Bluetooth Bluetooth_core_specification, classified under Authentication Bypass by Capture-replay. CVSS score: 7.5/10. Published 2022-12-12.
How severe is CVE-2022-25836?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2022-25836 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.