CVE-2025-69969 - Vulnerability Analysis
CriticalCVSS: 9.6Last Updated: March 4, 2026
SRK Powertech Pvt Ltd Pebble Prism Ultra - Authentication Bypass
Published: March 4, 2026Updated: March 4, 2026
Overview
SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 contains a broken authentication and authorization caused by lack of mechanisms in BLE communication protocol, letting attackers execute arbitrary commands, intercept data, and hijack firmware over BLE proximity without connection.
Severity & Score
Severity: Critical
CVSS Score: 9.6
Impact
Attackers can execute arbitrary commands, intercept cleartext data, and hijack firmware remotely via BLE, leading to full device compromise.
Mitigation
Update to the latest version with proper authentication and authorization mechanisms in BLE communication.
References
Related Resources
Details
- CVE ID
- CVE-2025-69969
- Severity
- Critical
- CVSS Score
- 9.6
- Type
- broken_authentication
- Status
- unconfirmed
CWE
- CWE-311
CVSS Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H