Bluetooth AVCTP Protocol Heap-based Buffer Overflow Vulnerability in Sony AV System
CVE-2025-5479
Currently unrated
What is CVE-2025-5479?
The vulnerability found in Sony XAV-AX8500 devices relates to a flaw in the Bluetooth AVCTP protocol implementation, which allows attackers to execute arbitrary code. This arises from inadequate validation of user-supplied data length when copying to a heap-based buffer. Compromised Bluetooth devices can leverage this weakness for remote code execution, posing significant risks to device integrity and user data security.