An insecure permission vulnerability exists in the Agasta Easytouch+ version 9.3.97 The device allows unauthorized mobile applications to connect via Bluetooth Low Energy (BLE) without authentication. Once an unauthorized connection is established, legitimate applications are unable to connect, causing a denial of service. The attack requires proximity to the device, making it exploitable from an adjacent network location.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 02 Oct 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-277
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Oct 2025 17:30:00 +0000

Type Values Removed Values Added
Description An insecure permission vulnerability exists in the Agasta Easytouch+ version 9.3.97 The device allows unauthorized mobile applications to connect via Bluetooth Low Energy (BLE) without authentication. Once an unauthorized connection is established, legitimate applications are unable to connect, causing a denial of service. The attack requires proximity to the device, making it exploitable from an adjacent network location.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-10-02T19:38:25.829Z

Reserved: 2025-08-16T00:00:00.000Z

Link: CVE-2025-56019

cve-icon Vulnrichment

Updated: 2025-10-02T19:37:14.737Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-10-02T18:15:46.163

Modified: 2025-10-02T20:15:33.033

Link: CVE-2025-56019

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.