An insecure permission vulnerability exists in the Agasta Easytouch+ version 9.3.97. The device allows unauthorized mobile applications to connect via Bluetooth Low Energy (BLE) without authentication. Once an unauthorized connection is established, legitimate applications are unable to connect, causing a denial of service. The attack requires proximity to the device, making it exploitable from an adjacent network location.
Advisories
Source: EUVD
ID: EUVD-2025-32192
Title: An insecure permission vulnerability exists in the Agasta Easytouch+ version 9.3.97. The device allows unauthorized mobile applications to connect via Bluetooth Low Energy (BLE) without authentication. Once an unauthorized connection is established, legitimate applications are unable to connect, causing a denial of service. The attack requires proximity to the device, making it exploitable from an adjacent network location.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 27 Oct 2025 18:15:00 +0000

Type: First Time appeared
Values Added: Agasta easy Touch Plus; Agasta easy Touch Plus Firmware

Type: CPEs
Values Added:
cpe:2.3:h:agasta:easy_touch_plus:-:*:*:*:*:*:*:*
cpe:2.3:o:agasta:easy_touch_plus_firmware:9.3.97:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Agasta easy Touch Plus; Agasta easy Touch Plus Firmware

Fri, 03 Oct 2025 08:30:00 +0000

Type: First Time appeared
Values Added: Agasta; Agasta easytouch+

Type: Vendors & Products
Values Added: Agasta; Agasta easytouch+

Thu, 02 Oct 2025 20:15:00 +0000

Type: Weaknesses
Values Added: CWE-277

Type: Metrics
Values Added:
cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 02 Oct 2025 17:30:00 +0000

Type: Description
Values Added: An insecure permission vulnerability exists in the Agasta Easytouch+ version 9.3.97. The device allows unauthorized mobile applications to connect via Bluetooth Low Energy (BLE) without authentication. Once an unauthorized connection is established, legitimate applications are unable to connect, causing a denial of service. The attack requires proximity to the device, making it exploitable from an adjacent network location.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-10-02T19:38:25.829Z

Reserved: 2025-08-16T00:00:00.000Z

Link: CVE-2025-56019

Vulnrichment

Updated: 2025-10-02T19:37:14.737Z

NVD

Status: Analyzed

Published: 2025-10-02T18:15:46.163

Modified: 2025-10-27T18:04:15.510

Link: CVE-2025-56019

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-10-03T08:22:38Z