CVE-2025-69969

CRITICAL EPSS 36.6%

Published Mar 4, 20263mo ago · Modified Jun 17, 20261w ago

9.6 CVSS 3.1

Critical

Published Mar 4, 2026 3mo ago

Last Modified Jun 17, 2026 1w ago

Description

A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services.

CVSS Details

Base Score

9.6

Exploitability

2.8

Impact

6.0

Vector string

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector Adjacent

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Changed

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

36.6% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 2

CWE-311

CWE-319

Affected Products 2

Vendor	Product	Version	Range
pebblepower	pebble_prism_ultra_firmware	*	<2.5.8
pebblepower	pebble_prism_ultra	*	any

References 2

github.com https://github.com/mukundbhuva/BLEached-Security

ExploitThird Party Advisory
github.com https://github.com/mukundbhuva/BLEached-Security/security/advisories/GHSA-cp6q-87g8-mq77

ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.