OpenSynergy BlueSDK
cpe:2.3:a:opensynergy:blue_sdk:*:*:*:*:*:*:*
- <= 6
A vulnerability exists in the Bluetooth stack of OpenSynergy BlueSDK versions through 6.x. The issue arises from incorrect control flow management: functions are not properly terminated after they encounter unusual conditions. This flaw allows an attacker to bypass security validations and manipulate how incoming data is processed, potentially leading to unauthorized actions or data handling.
Exploitation of this vulnerability can bypass security validations, allowing for unauthorized processing of incoming data. This could be leveraged to manipulate system behavior or exploit other vulnerabilities.
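The flaw class described above, a failed check that does not terminate the function, is illustrated below with the flawed pattern beside its corrected form. This is an added example and is not BlueSDK code; the `link` structure, the handler names and the frame contents are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical link state, constructed for illustration (not BlueSDK). */
struct link { int authenticated; int errors; uint8_t config[4]; };
enum { OK = 0, ERR_REJECTED = -1 };
typedef int (*handler_fn)(struct link *, const uint8_t *, size_t);

/* Flawed: the failed check is recorded, but the function keeps running. */
int handle_frame_flawed(struct link *l, const uint8_t *buf, size_t len)
{
    int status = OK;
    if (len != sizeof l->config)
        return ERR_REJECTED;         /* this check terminates correctly */
    if (!l->authenticated) {
        l->errors++;
        status = ERR_REJECTED;       /* no return: control falls through */
    }
    memcpy(l->config, buf, len);     /* state changes even when rejected */
    return status;
}

/* Corrected: every failed check returns before any state is touched. */
int handle_frame_fixed(struct link *l, const uint8_t *buf, size_t len)
{
    if (len != sizeof l->config)
        return ERR_REJECTED;
    if (!l->authenticated) {
        l->errors++;
        return ERR_REJECTED;
    }
    memcpy(l->config, buf, len);
    return OK;
}

/* Returns 1 if a frame rejected on an unauthenticated link altered state. */
int rejected_frame_changes_state(handler_fn handler)
{
    struct link l = {0};
    const uint8_t frame[4] = {0xAA, 0xBB, 0xCC, 0xDD};  /* constructed input */
    int rc = handler(&l, frame, sizeof frame);
    return rc == ERR_REJECTED && l.config[0] == 0xAA;
}

int main(void)
{
    printf("flawed: %d\n", rejected_frame_changes_state(handle_frame_flawed));
    printf("fixed:  %d\n", rejected_frame_changes_state(handle_frame_fixed));
    return 0;
}
```

Both handlers report the frame as rejected, so a caller that only inspects the return code cannot tell them apart; a regression test needs to assert on the state after the call.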
According to OpenSynergy, patches for this vulnerability were released in September 2024. However, not all OEMs received the patch until June 2025, likely due to complex vehicle supply chains.