CVE-2025-69969 - Vulnerability Analysis
CriticalCVSS: 9.6Last Updated: March 4, 2026
SRK Powertech Pvt Ltd Pebble Prism Ultra - Authentication Bypass
Overview
SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 contains a broken authentication and authorization caused by lack of mechanisms in BLE communication protocol, letting attackers execute arbitrary commands, intercept data, and hijack firmware over BLE proximity without connection.
Severity & Score
Impact
Attackers can execute arbitrary commands, intercept cleartext data, and hijack firmware remotely via BLE, leading to full device compromise.
Mitigation
Update to the latest version with proper authentication and authorization mechanisms in BLE communication.
References
Social Media Activity(1 post)
š“ CVE-2025-69969 - Critical (9.6) A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on t... š https://www.thehackerwire.com/vulnerability/CVE-2025-69969/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2025-69969
- Severity
- Critical
- CVSS Score
- 9.6
- Type
- broken_authentication
- Status
- unconfirmed
- EPSS
- 3.4%
- Social Posts
- 1
CWE
- CWE-311
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H