Low

Information Disclosure in Xiaomi Redmi Buds RFCOMM TEST Handling

IdentifiersCVE-2025-13834CWE-125

CVE-2025-13834 is an information disclosure vulnerability in the Bluetooth firmware of multiple Xiaomi Redmi Buds models, reported to affect Redmi Buds 3 Pro through Redmi Buds 6 Pro. The flaw is in RFCOMM control/signaling handling, specifically improper bounds or length checking when processing a crafted RFCOMM TEST command on a control channel. By supplying a manipulated length field with an empty or undersized payload, an attacker can trigger an out-of-bounds read and cause the earbuds to return up to 127 bytes of uninitialized memory. Researchers and CERT/CC described the behavior as analogous to Heartbleed in that attacker-controlled length metadata causes disclosure of unintended memory contents. The leaked memory may contain sensitive data, including active call-related information such as the phone number of the current call peer.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a nearby attacker to repeatedly extract uninitialized memory from the earbuds without pairing, authentication, or user interaction. This creates a confidentiality risk for users in public or shared environments, as disclosed memory may include sensitive runtime data such as active call peer phone numbers and other residual firmware memory contents. Because the attack is repeatable and covert, it may enable ongoing privacy compromise of affected users within Bluetooth range.

Mitigation

If you can’t patch tonight, do this now.

In the absence of a vendor patch, reduce exposure by disabling Bluetooth when the earbuds are not actively in use, especially in crowded or public environments where nearby attackers could operate within radio range. Minimize use in untrusted proximity settings, and avoid leaving the earbuds discoverable or unnecessarily powered on. Because exploitation requires proximity and the target Bluetooth MAC address, limiting Bluetooth exposure time and radio availability reduces attack opportunity.

Remediation

Patch, then assume compromise.

At the time of disclosure reflected in the provided content, Xiaomi had not announced an official firmware patch or published remediation guidance. The definitive remediation is a vendor firmware update that corrects RFCOMM TEST command length validation and prevents out-of-bounds reads of uninitialized memory. Asset owners should monitor Xiaomi and CERT/CC advisories for model-specific fixed firmware releases and apply them as soon as they become available.

PUBLIC EXPLOITS

Exploits

No valid public exploits. Mallory filtered out 1 candidate as fakes, detection scripts, or README-only repos.

VALID 0 / 1 TOTALView more in app

All candidate exploits were filtered out by Mallory's validation.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

XiaomiRedmi Budshardware

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

4 SOURCESView more in app

the hacker newsNews

Feb 2, 2026

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

An information disclosure vulnerability in Xiaomi Redmi Buds (3 Pro through 6 Pro) exploitable over Bluetooth RFCOMM without prior pairing/authentication to expose sensitive call-related data.

cyber security newsNews

Jan 19, 2026

Redmi Buds Vulnerability Allow Attackers Access Call Data and Trigger Firmware Crashes

A Bluetooth RFCOMM control-channel information disclosure in Xiaomi Redmi Buds firmware caused by improper bounds checking on a crafted TEST command length field, leading to out-of-bounds/uninitialized memory read and leakage of up to 127 bytes.

security online infoNews

Jan 19, 2026

Bluetooth "Heartbleed" and DoS Flaws Found in Xiaomi Redmi Buds, No Patch

An unauthenticated Bluetooth-range information disclosure (“memory bleed”) in Xiaomi Redmi Buds firmware triggered by a crafted RFCOMM TEST command that causes the device to return uninitialized memory, potentially leaking sensitive call-related data.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity