OpenSynergy BlueSDK Bluetooth Stack Incorrect Function Call Vulnerability Leading to Information Leak

Vulnerability

A vulnerability has been identified in the Bluetooth stack of OpenSynergy BlueSDK, in versions through 6.x. The issue arises from an incorrect variable being used as a function argument, which can lead to unexpected behavior or an information leak. The vulnerability can be exploited after pairing, and on some devices it may also be exploitable before pairing, depending on the end developer's implementation.

Impact

Exploitation of this vulnerability can cause unexpected behavior in the application using the Bluetooth stack or lead to an information leak.

Remediation

OpenSynergy has released patches for this vulnerability, but not all OEMs have received the update yet.

Added: Sep 12, 2025, 5:21 PM
Updated: Sep 12, 2025, 6:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 6.0
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.