Low

Denial of Service in Xiaomi Redmi Buds RFCOMM Control Channels

IdentifiersCVE-2025-13328CWE-400

CVE-2025-13328 is a Bluetooth-range denial-of-service vulnerability in the firmware of Xiaomi Redmi Buds models from Redmi Buds 3 Pro through Redmi Buds 6 Pro. The issue affects the devices’ handling of RFCOMM control/signaling traffic, including the standard Hands-Free Profile (HFP) control channel and an undocumented Airoha auxiliary service channel likely intended for internal vendor use. An attacker within Bluetooth range can send a high volume of otherwise valid RFCOMM TEST commands or Modem Status Command signaling frames to these channels, causing the firmware to exhaust resources and crash. Exploitation does not require pairing, authentication, PIN entry, or user interaction. The attacker does need the target earbuds’ Bluetooth MAC address, which researchers reported can be obtained using standard Bluetooth sniffing tools. Successful exploitation forces the earbuds to disconnect and become unresponsive until reset.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation causes resource exhaustion in the earbuds firmware, leading to a crash, forced disconnection from the paired device, and loss of audio functionality. The condition is persistent enough that normal operation is not restored automatically; the user must place the earbuds back into the charging case to reset them. In practice, this enables a nearby attacker to repeatedly disrupt calls, media playback, and general device availability, particularly in public or crowded environments.

Mitigation

If you can’t patch tonight, do this now.

Until a vendor patch is available, reduce exposure by disabling Bluetooth when the earbuds are not actively in use, especially in public or high-density environments where nearby attackers could operate within radio range. Users should avoid leaving affected earbuds discoverable or unnecessarily powered on. If exploitation occurs and the earbuds become unresponsive, placing them in the charging case is required to reset and restore functionality.

Remediation

Patch, then assume compromise.

At the time of disclosure, no official Xiaomi firmware patch or vendor remediation guidance had been announced. Once Xiaomi releases updated firmware for affected Redmi Buds models, applying that firmware update would be the primary remediation. Asset owners should monitor Xiaomi and CERT/CC advisories for model-specific fix availability and deployment instructions.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

XiaomiRedmi Budshardware

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

4 SOURCESView more in app

the hacker newsNews

Feb 2, 2026

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

A denial-of-service vulnerability in Xiaomi Redmi Buds (3 Pro through 6 Pro) exploitable over Bluetooth RFCOMM without prior pairing/authentication to trigger repeatable firmware crashes.

cyber security newsNews

Jan 19, 2026

Redmi Buds Vulnerability Allow Attackers Access Call Data and Trigger Firmware Crashes

A Bluetooth RFCOMM-related denial-of-service in Xiaomi Redmi Buds firmware where high-volume traffic (TEST commands / Modem Status Command frames) overwhelms processing, causing resource exhaustion and a firmware crash/disconnection until reset.

security online infoNews

Jan 19, 2026

Bluetooth "Heartbleed" and DoS Flaws Found in Xiaomi Redmi Buds, No Patch

An unauthenticated Bluetooth-range denial-of-service in Xiaomi Redmi Buds where command flooding across control channels (including HFP and an undocumented Airoha auxiliary service channel) exhausts resources and crashes firmware, dropping active connections until a physical reset.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity