CVE-2022-25837

CVE-2022-25837 is a high-severity vulnerability in Bluetooth Bluetooth Core Specification with a CVSS 3.x base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-294.

Key facts

Description

Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion.

Frequently asked questions

What is CVE-2022-25837?
Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion.
How severe is CVE-2022-25837?
CVE-2022-25837 has a CVSS 3.x base score of 7.5, rated high severity. It is exploitable over an adjacent network with high attack complexity, requires no privileges and user interaction. Impact on confidentiality is high, integrity high, and availability none.
Is CVE-2022-25837 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (27th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2022-25837?
CVE-2022-25837 affects Bluetooth Bluetooth Core Specification. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2022-25837?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
When was CVE-2022-25837 published?
CVE-2022-25837 was published on 2022-12-12 and last updated on 2026-06-17.

References

Affected products (1)

More vulnerabilities in Bluetooth Bluetooth Core Specification

All CVEs affecting Bluetooth Bluetooth Core Specification →

Other CWE-294 (Authentication Bypass by Capture-replay) vulnerabilities

Browse all CWE-294 (Authentication Bypass by Capture-replay) vulnerabilities →