{"uuid": "54997cdf-1ca8-4e05-af2d-bc5660cb5f87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32877", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18969", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32877\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which therefore allows machine-in-the-middle attacks. Furthermore, this lack of authentication allows attackers to interact with the device via BLE without requiring prior authorization.\n\ud83d\udccf Published: 2025-06-20T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-20T13:53:04.244Z\n\ud83d\udd17 References:\n1. https://syss.de\n2. https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes\n3. https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-024.txt", "creation_timestamp": "2025-06-20T14:43:45.000000Z"}