Security researchers have disclosed critical vulnerabilities in Airoha-based Bluetooth headphones that enable attackers to compromise connected smartphones through chained exploits.
The three vulnerabilities CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702 affect dozens of popular headphone models from Sony, Marshall, Jabra, Bose, and other manufacturers.
The vulnerabilities center on missing authentication mechanisms and exposed debugging functionality in Airoha’s custom RACE protocol, which is used for device configuration and firmware updates.
Attackers within Bluetooth range can exploit these flaws without requiring prior pairing or user interaction.
https://gbhackers.com/new-bluetooth-hea ... abilities/