Vulnerability intelligence
CVE-2025-20701
In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
8.8
High
EPSS — Exploit Probability
3.4%
Riskier than 87% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
unknown
Check vendor advisories
1 article across 1 outlet · first covered Jun 18, 2026 · latest Jun 18, 2026
Coverage timeline
-
Apple patches Beats Buds eavesdropping bug CVE-2025-20701arstechnica.com · Jun 18, 2026