Stack-based Buffer Overflow Vulnerability in Alpine iLX-507 Device
CVE-2025-8477

7.4HIGH

Key Information:

Vendor: Alpine
Status: Ilx-507
Vendor: CVE Published:; 1 August 2025

What is CVE-2025-8477?

The Alpine iLX-507 device contains a stack-based buffer overflow vulnerability due to improper validation of vCard data during parsing. This issue enables network-adjacent attackers to execute arbitrary code by connecting a malicious Bluetooth device. Exploiting this flaw requires user interaction to establish the connection, which compromises the device by allowing code execution in the context of root. Proper safeguards and validation checks must be implemented to protect against such attacks.

Affected Version(s)

iLX-507 6.0.000

References

https://www.zerodayinitiative.com/advisories/ZDI-25-767/

x_research-advisory

CVSS V3.0

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2025
Vulnerability Reserved
Aug 1, 2025