New Bluetooth Vulnerabilities Expose Headphones and Earbuds to Spying

A newly discovered set of critical vulnerabilities affecting millions of Bluetooth headphones and earbuds from major manufacturers has exposed users to potential eavesdropping and device hijacking attacks.

Security researchers have identified serious vulnerabilities in devices using Airoha Systems on a Chip (SoCs), which power audio products from brands including Sony, Marshall, Beyerdynamic, Bose, JBL, and Jabra.

The vulnerabilities, tracked under CVE numbers CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702, allow attackers within Bluetooth range to completely take over affected devices without requiring any authentication or pairing.

The only requirement for exploitation is physical proximity – attackers need to be within approximately 10 meters of the target device.

The security vulnerabilities affect a staggering array of consumer audio devices, with researchers confirming vulnerabilities in over 30 specific models from major manufacturers.

Among the confirmed vulnerable devices are flagship products like the Sony WH-1000XM5, Sony WF-1000XM5, Bose QuietComfort Earbuds, and multiple Marshall speaker models including the ACTON III and STANMORE III.

Airoha Systems, the chip manufacturer behind these vulnerabilities, supplies Bluetooth SoCs to numerous audio device manufacturers, making it difficult to comprehensively identify all affected products.

The company has become a dominant supplier in the True Wireless Stereo (TWS) earbuds market, with their chips powering devices ranging from entry-level to premium flagship models.

Researchers noted that some manufacturers may not even be aware they’re using vulnerable Airoha chips, as many companies outsource Bluetooth module development to third parties.

This supply chain complexity makes tracking and patching the vulnerabilities particularly challenging.

Bluetooth Vulnerabilities

The discovered vulnerabilities expose a powerful custom protocol that allows attackers to manipulate devices by reading and writing both RAM and flash memory.

Security researchers demonstrated several attack scenarios that highlight the serious nature of these vulnerabilities.

In one demonstration, attackers successfully extracted information about currently playing media directly from a device’s memory.

More concerning, the vulnerabilities enable sophisticated eavesdropping attacks through multiple vectors, including the ability to establish unauthorized Bluetooth connections and listen to microphone recordings.

Perhaps most alarming is the potential for trust relationship hijacking. Attackers can extract Bluetooth pairing keys from compromised headphones and use them to impersonate the devices to previously paired smartphones.

This capability allows attackers to trigger phone calls, access contact information, and potentially eavesdrop on conversations within range of the paired phone.

Patch Process Underway

Airoha supplied fixed SDK versions to device manufacturers in early June 2025, following responsible disclosure that began in March.

However, as of the security advisory’s publication, no firmware updates have been released to consumers. The patching process remains complex due to the need for individual manufacturers to develop, test, and distribute updates for their specific products.

Security experts noted that while these vulnerabilities are technically serious, practical exploitation requires significant technical expertise and physical proximity.

The researchers suggest that high-value targets such as journalists, diplomats, and individuals in sensitive industries face the greatest risk and should consider avoiding Bluetooth headphones until patches become available.

Users concerned about their exposure are advised to monitor their device manufacturers for firmware updates and, in high-risk situations, to unpair their headphones from mobile devices until patches are available.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.