Multiple audio devices, including earbuds and headphones from major vendors, are facing significant security risks due to vulnerabilities identified in Airoha’s Bluetooth system-on-a-chip products. Security researchers at ERNW have discovered that these vulnerabilities allow unauthorized access, potentially enabling attackers to manipulate devices and access sensitive information.
The vulnerabilities, tracked as CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702, expose a custom protocol on affected devices that can be accessed via Bluetooth without authentication. This means that any malicious actor within range could take control of the headphones and, beyond that, read and write the device’s RAM and flash storage, and consequently hijack connected devices such as smartphones.
Among the impacted products are popular models from brands like Bose, Marshall, and Sony, including the Bose QuietComfort earbuds and the Sony LinkBuds S. Researchers have confirmed that both flagship and entry-level models from these brands are susceptible, indicating a widespread issue. The researchers emphasized the need to address the vulnerabilities and noted that further technical details will be released in the near future, although they are withholding proof-of-concept information for now.
In response to the findings, Airoha has addressed the vulnerabilities in its software development kit (SDK) and is providing updated versions. However, the responsibility now falls on device manufacturers to implement and distribute firmware updates, a process that could be prolonged. As of the current report, no fixed firmware for the affected products has been released.