Logic Flaw in Key-Based Pairing Affects Android Devices
CVE-2025-36911

7.1 HIGH

Key Information:

Vendor: Google

Status
Vendor
CVE Published: 15 January 2026

Badges

👾 Exploit Exists | 🟡 Public PoC | 📰 News Worthy

What is CVE-2025-36911?

The vulnerability arises from a logic error in the key-based pairing process of certain Android devices. This flaw may allow an attacker in proximity to exploit the issue and gain unauthorized access to sensitive user information, including conversations and location data. Notably, the attack does not require any user interaction or additional privileges, highlighting significant security concerns for impacted users.

Affected Version(s)

Android Android kernel

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Critical flaw lets hackers track, eavesdrop via Bluetooth audio devices

A critical vulnerability in Google's Fast Pair protocol can allow attackers to hijack Bluetooth audio accessories like wireless headphones and earbuds, track users, and eavesdrop on their conversations.

4 days ago

Critical WhisperPair flaw lets hackers track, eavesdrop via Bluetooth audio devices

A critical vulnerability in Google's Fast Pair protocol can allow attackers to hijack Bluetooth audio accessories like wireless headphones and earbuds, track users, and eavesdrop on their conversations.

4 days ago

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📰 First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved
