HBSA-2025-0002
Vulnerability from csaf_harmaninternational - Published: 2025-12-10 07:00 - Updated: 2025-12-10 07:00
Summary
BLE ICM Vulnerability in JBL Headphones
Severity
6.5 (medium)
Notes
Summary: The BLE controller in certain consumer products fails to properly validate the channel map field in connection requests, enabling attackers within radio range to cause a denial of service through a specially crafted packet.
Impact: Sending an invalid connection request to a JBL Bluetooth Speaker causes it to crash or enter a deadlock state, halting music playback and disconnecting existing connections. Recovery requires manual reboot by the user, as reconnection is impossible in this state.
Remediation: No remediation is available as of now. A manual reboot of the device by the user is required to restore functionality.
6.5 (Medium)
None Available
No fix available
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| JBL Flip 5 (vendor: JBL) | SKUs listed under CSAFPID-1101 in the CSAF document below | — | |
| JBL Flip 6 (vendor: JBL) | SKUs listed under CSAFPID-1102 in the CSAF document below | — | |
| JBL Pulse 4 (vendor: JBL) | SKUs listed under CSAFPID-1103 in the CSAF document below | — | |
| JBL Pulse 5 (vendor: JBL) | SKUs listed under CSAFPID-1104 in the CSAF document below | — | |
| JBL Boombox 2 (vendor: JBL) | SKUs listed under CSAFPID-1105 in the CSAF document below | — | |
| JBL Boombox 3 (vendor: JBL) | SKUs listed under CSAFPID-1106 in the CSAF document below | — | |
| JBL Xtreme 3 (vendor: JBL) | SKUs listed under CSAFPID-1107 in the CSAF document below | — | |
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordinating",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Mattar Bernhard"
],
"organization": "Hummus Sec",
"summary": "reporting"
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"text": "6.5 (Medium)"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The BLE controller in certain consumer products fails to properly validate the channel map field in connection requests, enabling attackers within radio range to cause a denial of service through a specially crafted packet. ",
"title": "Summary"
},
{
"category": "description",
"text": "Sending an invalid connection request to a JBL Bluetooth Speaker causes it to crash or enter a deadlock state, halting music playback and disconnecting existing connections. Recovery requires manual reboot by the user, as reconnection is impossible in this state. ",
"title": "Impact"
},
{
"category": "description",
"text": "No remediation is available as of now. A manual reboot of the device by the user is required to restore functionality.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productsecurity@harman.com",
"name": "Harman International",
"namespace": "https://www.harman.com"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Harman",
"url": "https://certvde.com/en/advisories/vendor/harmann/"
},
{
"category": "self",
"summary": "HBSA-2025-0002: BLE ICM Vulnerability in JBL Headphones - HTML",
"url": "https://certvde.com/en/advisories/VDE-2025-089"
},
{
"category": "self",
"summary": "HBSA-2025-0002: BLE ICM Vulnerability in JBL Headphones - CSAF",
"url": "https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0002.json"
}
],
"title": "BLE ICM Vulnerability in JBL Headphones",
"tracking": {
"aliases": [
"VDE-2025-089"
],
"current_release_date": "2025-12-10T07:00:00.000Z",
"generator": {
"date": "2025-12-08T12:02:07.922Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.40"
}
},
"id": "HBSA-2025-0002",
"initial_release_date": "2025-12-10T07:00:00.000Z",
"revision_history": [
{
"date": "2025-12-10T07:00:00.000Z",
"number": "1.0.0",
"summary": "Initial version"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Flip 5",
"product": {
"name": "JBL Flip 5",
"product_id": "CSAFPID-1101",
"product_identification_helper": {
"skus": [
"050036359160",
"050036359177",
"050036359184",
"050036359191",
"050036359207",
"050036359214",
"050036359221",
"050036359238",
"050036359245",
"050036359252",
"050036359276",
"050036359283",
"050036359290",
"050036359290",
"050036359306",
"050036359313",
"050036359320",
"050036359337",
"050036359344",
"050036359351",
"050036359481",
"050036359498",
"050036361088",
"050036367738",
"050036367745",
"050036367752",
"050036367769",
"050036367776",
"050036367783",
"050036367790",
"050036367806",
"050036367813",
"050036367820",
"050036367837",
"050036370325",
"050036370332",
"050036370349",
"050036370356",
"050036372053",
"050036372060",
"050036376020",
"050036377379",
"050036377386",
"050036377393",
"050036386289",
"050036397346",
"050036397346",
"1200130001710",
"1200130004018",
"1200130004018",
"1200130005343",
"4968929055777",
"4968929055784",
"4968929055791",
"4968929055807",
"4968929055814",
"4968929055821",
"4968929055838",
"4968929055845",
"4968929055852",
"4968929055869",
"4968929055999",
"4968929068555",
"6925281954566",
"6925281954573",
"6925281954573",
"6925281954580",
"6925281954580",
"6925281954597",
"6925281954597",
"6925281954603",
"6925281954610",
"6925281954627",
"6925281954634",
"6925281954641",
"6925281954658",
"6925281954672",
"6925281954689",
"6925281954696",
"6925281954702",
"6925281954719",
"6925281954726",
"6925281954733",
"6925281954740",
"6925281954757",
"6925281954894",
"6925281954900",
"6925281971037",
"6925281971044",
"6925281973406",
"6925281973703",
"6925281973727",
"6925281973789",
"6925281973796",
"6925281973802",
"6925281973819",
"6925281973826",
"6925281973833",
"6925281977695",
"6925281985607",
"6925281997709",
"7896359562787",
"7896359562794",
"7896359562800",
"7896359562817",
"7896359562824"
]
}
}
},
{
"category": "product_name",
"name": "Flip 6",
"product": {
"name": "JBL Flip 6",
"product_id": "CSAFPID-1102",
"product_identification_helper": {
"skus": [
"050036384315",
"050036384315",
"050036384322",
"050036384322",
"050036384339",
"050036384339",
"050036384346",
"050036384346",
"050036384353",
"050036384360",
"050036384377",
"050036384384",
"050036384391",
"050036384407",
"050036384414",
"050036384421",
"050036384438",
"050036384445",
"050036384452",
"050036384469",
"050036384476",
"050036384483",
"050036385220",
"050036386784",
"050036386807",
"050036392501",
"050036392556",
"050036392563",
"050036392679",
"050036392808",
"1200130001413",
"4968929214204",
"4968929214211",
"4968929214228",
"4968929214235",
"4968929214242",
"4968929214266",
"4968929214273",
"4968929214280",
"6925281942662",
"6925281992971",
"6925281992971",
"6925281992988",
"6925281992995",
"6925281992995",
"6925281993008",
"6925281993015",
"6925281993039",
"6925281993046",
"6925281993053",
"6925281993077",
"6925281993107",
"6925281993138",
"6925281993145",
"6925281994258",
"6925281995163",
"6925281995170",
"6925281995217",
"6925281995224",
"6925281995767"
]
}
}
},
{
"category": "product_name",
"name": "Pulse 4",
"product": {
"name": "JBL Pulse 4",
"product_id": "CSAFPID-1103",
"product_identification_helper": {
"skus": [
"050036362320",
"050036370608",
"050036362306",
"050036362290",
"050036370615",
"050036362313",
"6925281958342",
"7896359564729",
"6925281958328",
"6925281958311",
"6925281974533",
"6925281958335",
"6925281973772",
"4968929056897",
"4968929056880"
]
}
}
},
{
"category": "product_name",
"name": "Pulse 5",
"product": {
"name": "JBL Pulse 5",
"product_id": "CSAFPID-1104",
"product_identification_helper": {
"skus": [
"50036389693",
"50036389730",
"50036393683",
"4968929215959",
"6925281900969",
"6925281967849",
"6925281999574"
]
}
}
},
{
"category": "product_name",
"name": "Boombox 2",
"product": {
"name": "JBL Boombox 2",
"product_id": "CSAFPID-1105",
"product_identification_helper": {
"skus": [
"050036368674",
"050036368681",
"050036368698",
"050036368704",
"050036368711",
"050036368728",
"050036368728",
"050036368735",
"050036368742",
"050036368759",
"050036368766",
"050036368773",
"050036368780",
"050036368797",
"050036368803",
"050036376006",
"050036376013",
"050036381024",
"050036381031",
"4968929059614",
"4968929059621",
"6925281967955",
"6925281967962",
"6925281967979",
"6925281967986",
"6925281967993",
"6925281968006",
"6925281968006",
"6925281968013",
"6925281968037",
"6925281968051",
"6925281968051",
"6925281968068",
"6925281968075",
"6925281968082",
"6925281968112",
"6925281968112",
"6925281968129",
"6925281980701",
"6925281983702",
"6925281983719",
"6925281985058",
"6925281996177",
"6925281997716",
"7896359566044",
"7896359568185",
"9346112023348"
]
}
}
},
{
"category": "product_name",
"name": "Boombox 3",
"product": {
"name": "JBL Boombox 3",
"product_id": "CSAFPID-1106",
"product_identification_helper": {
"skus": [
"050036389075",
"050036389082",
"050036389099",
"050036389105",
"050036392815",
"4968929215423",
"4968929215430",
"50036389099",
"50036389105",
"50036389112",
"50036389129",
"50036389136",
"50036389143",
"50036389150",
"50036389167",
"50036389174",
"50036389174",
"50036389181",
"50036389181",
"50036389198",
"50036389204",
"50036389211",
"50036389228",
"50036389235",
"50036389242",
"50036392983",
"6925281975578",
"6925281975684",
"6925281977916",
"6925281977923",
"6925281998744",
"6925281998751",
"6925281998768",
"6925281998768",
"6925281998775",
"6925281998775",
"6925281998782",
"6925281998799",
"6925281998805",
"6925281998812",
"6925281998829",
"6925281998836",
"6925281998843",
"6925281998843",
"6925281998843",
"6925281998850",
"6925281998850",
"6925281998850",
"6925281998867",
"6925281998874",
"6925281998881",
"6925281998898",
"6925281998904",
"6925281998911",
"9346112036607"
]
}
}
},
{
"category": "product_name",
"name": "Xtreme 3",
"product": {
"name": "JBL Xtreme 3",
"product_id": "CSAFPID-1107",
"product_identification_helper": {
"skus": [
"050036375115",
"050036375054",
"050036375061",
"050036375078",
"050036375085",
"050036375092",
"050036375108",
"050036375115",
"050036375122",
"050036375139",
"050036375146",
"050036375153",
"050036375160",
"050036375177",
"050036375184",
"050036375191",
"050036375207",
"050036375214",
"050036375221",
"050036375238",
"050036375245",
"050036375252",
"050036375269",
"050036375276",
"050036375283",
"050036376907",
"050036376914",
"050036376921",
"050036381826",
"050036381833",
"050036381840",
"050036381857",
"050036386302",
"050036386319",
"050036386326",
"4968929078424",
"4968929078431",
"4968929078448",
"6925281977459",
"6925281977466",
"6925281977473",
"6925281977480",
"6925281977497",
"6925281977503",
"6925281977510",
"6925281977527",
"6925281977534",
"6925281977541",
"6925281977558",
"6925281977565",
"6925281977572",
"6925281977589",
"6925281977596",
"6925281977602",
"6925281977602",
"6925281977619",
"6925281977619",
"6925281977626",
"6925281977633",
"6925281977640",
"6925281977657",
"6925281977664",
"6925281977671",
"6925281977688",
"6925281984945",
"6925281984952",
"6925281984969",
"6925281984976",
"6925281989858",
"6925281989865",
"6925281991080",
"6925281992575",
"6925281994326",
"6925281999994",
"7896359567355",
"7896359567362",
"9346112016715",
"9346112030964"
]
}
}
}
],
"category": "vendor",
"name": "JBL"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-1101",
"CSAFPID-1102",
"CSAFPID-1103",
"CSAFPID-1104",
"CSAFPID-1105",
"CSAFPID-1106",
"CSAFPID-1107"
],
"summary": "Affected products."
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mattar Bernhard"
],
"organization": "Hummus Sec",
"summary": "reporting"
}
],
"cve": "CVE-2024-2105",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2023-08-10T10:00:00.000Z",
"notes": [
{
"audience": "all",
"category": "general",
"text": "An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.",
"title": "Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1101",
"CSAFPID-1102",
"CSAFPID-1103",
"CSAFPID-1104",
"CSAFPID-1105",
"CSAFPID-1106",
"CSAFPID-1107"
]
},
"release_date": "2024-03-01T11:00:00.000Z",
"remediations": [
{
"category": "none_available",
"date": "2025-07-01T10:00:00.000Z",
"details": "No fix available",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1101",
"CSAFPID-1102",
"CSAFPID-1103",
"CSAFPID-1104",
"CSAFPID-1105",
"CSAFPID-1106",
"CSAFPID-1107"
]
}
],
"title": "JBL: Improper validation of ICM field in connection requests"
}
]
}