A high-severity vulnerability has been identified in the Airoha Bluetooth audio SDK, which is used in a wide range of audio products. This flaw, designated CVE-2025-20701, allows a nearby attacker to pair with a vulnerable device without any user interaction or consent. Successful exploitation could lead to unauthorized eavesdropping on audio calls, data interception, and a complete loss of confidentiality for communications handled by the affected device.

The vulnerability exists within the Bluetooth pairing process of the Airoha audio SDK. It appears to be a flaw in the implementation of the pairing protocol, potentially bypassing standard security mechanisms like user confirmation or passkey entry. An attacker within Bluetooth range can send specially crafted pairing requests to a vulnerable device, forcing it to establish a trusted connection without the owner's knowledge or approval. Once paired, the attacker could potentially access audio streams (both microphone and speaker), control media playback, and perform other actions permitted by the device's Bluetooth profiles.

This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation could have a significant business impact, particularly if affected devices are used for confidential business communications. The primary risk is corporate espionage, where an attacker could eavesdrop on sensitive meetings, phone calls, or private conversations. Further risks include social engineering through audio injection and potential reputational damage if products provided to customers are found to be vulnerable. The ease of exploitation (requiring only physical proximity) elevates the risk for employees in public spaces, corporate offices, and those handling sensitive information.

Immediate Action: Identify all devices utilizing the Airoha Bluetooth audio SDK and apply the security updates provided by Airoha or the specific product vendor immediately. After patching, it is crucial to unpair any unrecognized Bluetooth devices and reboot the hardware.

Proactive Monitoring: Security teams should monitor device and system logs for an unusual volume of Bluetooth pairing requests or successful pairings with unknown or unexpected device names. Reviewing logs for connections originating from unfamiliar Bluetooth MAC addresses can also help detect exploitation attempts. Monitor for unusual device behavior, such as unexpected microphone activation or audio being routed to an unknown output.

Compensating Controls: If immediate patching is not feasible, implement the following controls:

• Disable Bluetooth on affected devices when not in active use.
• Enforce a "never pair in untrusted environments" policy for all users.
• Restrict physical access to areas where sensitive conversations occur using these devices.
• Regularly audit the list of paired devices and instruct users to remove any unrecognized entries.

Public Exploit Available: false

Given the high CVSS score of 8.8 and the potential for complete confidentiality compromise, we recommend that organizations treat this vulnerability with high priority. The primary course of action is to conduct an inventory to identify all affected Airoha-based products and deploy the vendor-supplied patches without delay. Although there is no evidence of active exploitation, the low attack complexity makes it a significant threat, especially for devices used by executives or personnel in sensitive roles. Organizations should prioritize patching and implement the suggested compensating controls to mitigate risk until all devices are secured.