A newly disclosed set of Bluetooth vulnerabilities in Airoha-powered audio devices could allow attackers to eavesdrop on users, hijack connections, and extract sensitive information—all without the victim’s knowledge.
What Is the Bluetooth Headphone Vulnerability?
Security researchers at ERNW revealed the flaws, highlighting serious authentication issues in both Bluetooth Classic and BLE (Bluetooth Low Energy) services used by Airoha System-on-Chip (SoC). Affected devices include some of the most popular headphones and earbuds on the market, such as those from Sony, Bose, JBL, Jabra, Marshall, Beyerdynamic, and others.
You likely haven’t heard of Airoha, but as the list of headphone manufacturers above shows, you’ve definitely used its hardware built into other products.
There are three main issues:
- CVE-2025-20700: Missing Authentication for GATT Services
- CVE-2025-20701: Missing Authentication for Bluetooth BR/EDR
- CVE-2025-20702: Critical Capabilities of a Custom Protocol
One of the flaws (CVE-2025-20702) has been rated near-critical (CVSS 9.6), making this a high-priority issue for manufacturers and security-conscious users alike.
In combination, these vulnerabilities could allow an attacker to turn Bluetooth headphones into eavesdropping devices, effectively utilizing the headphones’ on-device microphones as recording devices. One attack method saw the researchers redirect sound, allowing them to hear the listener’s surroundings. A second attack exploited the relationship between paired Bluetooth devices, issuing commands to the paired device to make a secret call or extract data from the device.
Are Your Bluetooth Headphones at Risk?
Now, here’s why you shouldn’t be too worried about this Bluetooth vulnerability: the exploits require the attacker to be within physical proximity. Because Bluetooth works over close-range wireless connections, this is unlikely to be exploited at significant scale.
ERNW’s report identifies the following headphones as vulnerable:
| Brand | Product Names |
|---|---|
| Beyerdynamic | Amiron 300 |
| Bose | QuietComfort Earbuds |
| EarisMax | Bluetooth Auracast Sender |
| Jabra | Elite 8 Active |
| JBL | Endurance Race 2, Live Buds 3 |
| Jlab | Epic Air Sport ANC |
| Marshall | ACTON III, MAJOR V, MINOR IV, MOTIF II, STANMORE III, WOBURN III |
| MoerLabs | EchoBeatz |
| Sony | CH-720N, Link Buds S, ULT Wear, WF-1000XM3, WF-1000XM4, WF-1000XM5, WF-C500, WF-C510-GFP, WH-1000XM4, WH-1000XM5, WH-1000XM6, WH-CH520, WH-XB910N, WI-C100 |
| Teufel | Tatws2 |
But with Airoha chipsets powering millions of Bluetooth audio devices, there are potentially millions of vulnerable devices.
How to Keep Your Bluetooth Headphones Safe
The biggest safety tip is to keep an eye out for any upcoming firmware updates for your Bluetooth headphones or earbuds. Airoha has already launched a fix for the vulnerabilities, but, as per ERNW’s report dated June 25, 2025, “we are not aware of any fixed firmware release.”
Headphone manufacturers are likely preparing to release the bug fix, along with other fixes, as part of a regular patch program, so it is not available yet, but it is incoming.
Until manufacturers issue confirmed patches, users of affected headphones should:
- Check for firmware updates using the official app
- Unpair and stop using affected models in sensitive environments
- Stay alert for security advisories from your headphone brand
While exploitation of this flaw requires technical expertise and physical proximity, the discovery highlights the growing security implications of consumer electronics. With headphones now acting as gateways for digital assistants, calls, and music, a flaw like this can become a serious privacy threat.