CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-3885: Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability

5.3 CVSS

Description

Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23942.

Classification

CVE ID: CVE-2025-3885

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem Types

CWE-20: Improper Input Validation

Affected Products

Vendor: Harman Becker

Product: MGU21

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 18.14% (scored less or equal to compared to others)

EPSS Date: 2025-06-19 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3885
https://www.zerodayinitiative.com/advisories/ZDI-25-251/

Timeline

2025-04-24 00:15:22 UTC
Zero Day Initiative Published Advisories

ZDI-25-251: (0Day) Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability
2025-05-22 19:40:11 UTC
CVE

Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability