CVE-2025-41657: AUMA: Incorrect delivery status of the Bluetooth configuration

Description

Due to an undocumented active Bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025, fingerprinting is possible by an unauthenticated adjacent attacker.

Classification

CVE ID: CVE-2025-41657

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-207 Observable Behavioral Discrepancy With Equivalent Products

Affected Products

Vendor: Auma

Product: AC1.2, PROFOX

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.79% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-16 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-41657
https://certvde.com/en/advisories/VDE-2025-047

Timeline