High

Missing Authentication in Airoha Bluetooth BR/EDR affecting Beats Studio Buds

IdentifiersCVE-2025-20701CWE-306

CVE-2025-20701 is a missing-authentication flaw in the Airoha Bluetooth audio SDK / Airoha Bluetooth SoC Bluetooth Classic (BR/EDR) handling that affects Beats Studio Buds and other Airoha-based audio devices. The issue allows a nearby attacker to establish an unauthorized Bluetooth Classic connection to a device that is not yet paired and is actively seeking pairing requests, without user consent and without user interaction. Reporting ties the weakness to improper or absent authentication during the Bluetooth pairing/connection process, enabling unauthorized two-way audio connections and access to microphone input via profiles such as Hands-Free Profile (HFP/HfP). Apple described the issue as originating in open-source code and patched Beats Studio Buds in Beats Firmware Update 1B211.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

A successful attacker within Bluetooth range can connect to a vulnerable unpaired device and listen through its microphone, enabling covert eavesdropping on nearby conversations. The vulnerability also constitutes a remote privilege escalation in the Bluetooth trust model because the attacker can obtain capabilities normally reserved for an authorized/paired peer. In broader Airoha attack chains, CVE-2025-20701 can be combined with CVE-2025-20700 and CVE-2025-20702 to facilitate deeper device compromise, including abuse of HFP functions, extraction of Bluetooth link keys, impersonation of trusted peripherals, and possible access to phone-side data or call functions depending on platform configuration.

Mitigation

If you can’t patch tonight, do this now.

Until patched, reduce exposure by keeping Bluetooth disabled when not needed, avoiding leaving the device powered on and discoverable/unpaired in untrusted environments, and minimizing use in public or high-risk locations where an attacker could be within Bluetooth range. Because exploitation depends on the target being actively seeking pair requests, limiting time spent in pairing/discoverable state materially reduces risk.

Remediation

Patch, then assume compromise.

Apply the vendor firmware update that incorporates the Airoha SDK fix. For Beats Studio Buds, Apple addressed the issue in Beats Firmware Update 1B211. Ensure affected earbuds receive the latest firmware through the normal update channel; on Apple platforms this is delivered automatically when the headphones are paired and within Bluetooth range of an iPhone, iPad, or Mac, and Android users should use the official Beats app where applicable. Verify that the installed firmware version is 1B211 or later on affected Beats Studio Buds.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

ACTIVITY FEED

Recent activity

36 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

36 SOURCESView more in app

hackreadNews

Jun 22, 2026

Beats Studio Buds Flaw Could Let Nearby Attackers Eavesdrop on Users

A vulnerability in Beats Studio Buds related to the Airoha Bluetooth audio SDK that could allow a nearby attacker to connect without user permission and use the built-in microphone to eavesdrop when the headphones are powered on but not connected.

cyber security newsNews

Jun 22, 2026

Apple Beats Studio Buds Vulnerability Allows Hackers to Eavesdrop on Users

A high-severity Bluetooth vulnerability affecting Beats Studio Buds that could allow a nearby attacker to connect without authorization and eavesdrop via the device microphone, even without prior pairing.

techrepublic com securityNews

Jun 19, 2026

Apple Patches Beats Studio Buds Wiretap Flaw

A Bluetooth authorization flaw affecting Beats Studio Buds, reportedly tied to incorrect authorization in the Airoha Bluetooth audio SDK, that could allow a nearby attacker to access the microphone or pair without user consent when the device is unpaired and seeking a connection.

malware newsNews

Jun 19, 2026

Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap - Malware News - Malware Analysis, News and Indicators

An authentication flaw in Beats Studio Buds/Airoha-based Bluetooth audio devices that can allow a nearby attacker to connect to an unpaired device in pairing mode and eavesdrop through its microphone.

+10 more in the timeline

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity22

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2025-20701

NVD

nvd.nist.gov/vuln/detail/CVE-2025-20701

MITRE CWE · CWE-306

cwe.mitre.org

airoha.com

airoha.com/product-security-bulletin/2025