Bluetooth Encryption Key Size Vulnerability in Linux Kernel by Vencer Co., Ltd.
CVE-2025-39889

5.5 MEDIUM

Key Information:

Vendor:
Linux
Status:
Vendor
CVE Published:
24 September 2025

What is CVE-2025-39889?

A vulnerability exists in the Bluetooth stack of the Linux kernel, where an improper check of the encryption key size allows connections with insufficient security. Specifically, the kernel fails to validate the encryption key size of incoming connection requests that are required to meet Security Mode 4 Level 4, which mandates a 16-byte key. This oversight may allow devices negotiating weaker encryption to establish a connection, undermining the intended security requirements and potentially exposing sensitive data.

Affected Version(s)

Linux 288c06973daae4637f25a0d1bdaf65fdbf8455f9 < 24b2cdfc16e9bd6ab3d03b8e01c590755bd3141f

Linux 288c06973daae4637f25a0d1bdaf65fdbf8455f9

Linux 288c06973daae4637f25a0d1bdaf65fdbf8455f9 < 9e3114958d87ea88383cbbf38c89e04b8ea1bce5

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved