Improper access control in Beats firmware - CVE-2025-20701

 


Published: June 17, 2026


Vulnerability identifier: #VU134688
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-20701
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Apple Inc.
Affected software:
Beats firmware

Detailed vulnerability description

The vulnerability allows a remote attacker to listen through the microphone of a device.

The vulnerability exists due to improper access control in the Bluetooth component when handling pairing requests from an unpaired device that is actively seeking pairing requests. An attacker within Bluetooth range of the device can listen through its microphone.

The issue affects devices that are not yet paired and are actively seeking pair requests.


How to mitigate CVE-2025-20701

Install the security update from the vendor's website.
