CVE-2025-32876
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-32876
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered on COROS PACE 3 devices through 3.0808.0. The BLE implementation of the COROS smartwatch does not support LE Secure Connections and instead enforces BLE Legacy Pairing. In BLE Legacy Pairing, the Short-Term Key (STK) can be easily guessed. This requires knowledge of the Temporary Key (TK), which, in the case of the COROS Pace 3, is set to 0 due to the Just Works pairing method. An attacker within Bluetooth range can therefore perform sniffing attacks, allowing eavesdropping on the communication.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
COROS PACE 3 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Bluetooth等都是蓝牙特别兴趣小组(SIG)标准组织的产品。Bluetooth是一种短距离无线技术标准,Cafe Bazaar hod等都是(Cafe Bazaar)开源的产品。hod是一个库。roc req等都是(roc)个人开发者的产品。req是一个使用 Black Magic 的简单 Go HTTP 客户端。 COROS PACE 3 3.0808.0及之前版本存在安全漏洞,该漏洞源于BLE实现仅支持旧版配对,可能导致通信窃听。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2025-32876
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-32876
请登录查看更多情报信息。
Same Patch Batch · n/a · 2025-06-20 · 15 CVEs total
| CVE-2025-6335 | 4.7 MEDIUM | DedeCMS Template dedetag.class.php command injection |
| CVE-2025-48705 | COROS PACE 3 安全漏洞 | |
| CVE-2025-48706 | COROS PACE 3 安全漏洞 | |
| CVE-2025-44203 | Hoteldruid 安全漏洞 | |
| CVE-2025-44635 | H3C多款产品 安全漏洞 | |
| CVE-2025-32879 | COROS PACE 3 安全漏洞 | |
| CVE-2025-32880 | COROS PACE 3 安全漏洞 | |
| CVE-2025-32877 | COROS PACE 3 安全漏洞 | |
| CVE-2025-32875 | COROS application 安全漏洞 | |
| CVE-2025-32878 | COROS PACE 3 安全漏洞 | |
| CVE-2025-46179 | CloudClassroom-PHP-Project 安全漏洞 | |
| CVE-2025-46158 | Redox C Library 安全漏洞 | |
| CVE-2025-45331 | Brplot v420.69.1 安全漏洞 | |
| CVE-2025-45890 | novel-plus 安全漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2025-32876
No comments yet