CVE-2025-41657

Summary

Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker.

Affected Software

VendorProductVersion RangeStatus
AumaAC1.201.01.2024 < 09.05.2025affected
AumaPROFOX01.01.2024 < 09.05.2025affected

Weaknesses

  • CWE-207: CWE-207 Observable Behavioral Discrepancy With Equivalent Products

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References