HBSA-2025-0003

Vulnerability from csaf_harmaninternational - Published: 2026-02-18 07:00 - Updated: 2026-02-18 07:00
Summary
JBL: DoS vulnerability in Flip 4
Severity
Medium (6.5)
Notes
Summary: The Bluetooth Classic implementation on JBL Flip 4 devices with firmware version prior to 4.1.0 does not properly handle malformed LMP messages and causes the entire device to crash. Any attacker in radio range can exploit this vulnerability.
Impact: Any attacker in radio range can send malicious messages to cause the device to crash.
Mitigation: There is no known mitigation at this moment.
Remediation: The vulnerability is fixed in firmware version 4.1.0.
Product Description: The JBL Flip 4 is a portable bluetooth speaker.

Affected devices running firmware versions prior to 4.1.0 may crash and become unavailable when receiving specific malformed Bluetooth messages from an unauthenticated attacker.

CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Affected products
Product Identifier Version Remediation
Unresolved product id: CSAFPID-32001
Product Identifier Version Remediation
Unresolved product id: CSAFPID-31001
Vendor Fix
Acknowledgments
CERT@VDE certvde.com
JWP Consulting Justus W. Perlwitz www.jwpconsulting.net/
JWP Consulting GK Justus W. Perlwitz www.jwpconsulting.net/

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Justus W. Perlwitz"
        ],
        "organization": "JWP Consulting",
        "summary": "reporting",
        "urls": [
          "https://www.jwpconsulting.net/"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "text": "Medium (6.5)"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "audience": "all",
        "category": "summary",
        "text": "The Bluetooth Classic implementation on JBL Flip 4 devices with firmware version prior to 4.1.0 does not properly\nhandle malformed LMP messages and causes the entire device to crash. Any attacker in radio range can\nexploit this vulnerability.",
        "title": "Summary"
      },
      {
        "audience": "all",
        "category": "description",
        "text": "Any attacker in radio range can send malicious messages to cause the device to crash.",
        "title": "Impact"
      },
      {
        "audience": "all",
        "category": "description",
        "text": "There is no known mitigation at this moment.",
        "title": "Mitigation"
      },
      {
        "audience": "all",
        "category": "description",
        "text": "The vulnerability is fixed in firmware version 4.1.0.",
        "title": "Remediation"
      },
      {
        "audience": "all",
        "category": "description",
        "text": "The JBL Flip 4 is a portable bluetooth speaker.",
        "title": "Product Description"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productsecurity@harman.com",
      "name": "Harman International",
      "namespace": "https://www.harman.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Harman",
        "url": "https://certvde.com/en/advisories/vendor/harmann/"
      },
      {
        "category": "self",
        "summary": "HBSA-2025-0003: JBL: DoS vulnerability in Flip 4 - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2025-090"
      },
      {
        "category": "self",
        "summary": "HBSA-2025-0003: JBL: DoS vulnerability in Flip 4 - CSAF",
        "url": "https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2026/hbsa-2025-0003.json"
      },
      {
        "category": "external",
        "summary": "Braktooth, a description of a family of security vulnerabilities in commercial BT stacks.",
        "url": "https://asset-group.github.io/disclosures/braktooth/"
      }
    ],
    "title": "JBL: DoS vulnerability in Flip 4",
    "tracking": {
      "aliases": [
        "VDE-2026-0001"
      ],
      "current_release_date": "2026-02-18T07:00:00.000Z",
      "generator": {
        "date": "2026-02-12T14:20:52.263Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.42"
        }
      },
      "id": "HBSA-2025-0003",
      "initial_release_date": "2026-02-18T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-02-18T07:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial release."
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Flip 4",
                "product": {
                  "name": "JBL Flip 4",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "skus": [
                      "6925281924439",
                      "6925281924415",
                      "6925281924422",
                      "6925281924446",
                      "6925281924408",
                      "6925281924545",
                      "6925281922428",
                      "6925281922442",
                      "6925281922404",
                      "6925281922411",
                      "6925281922435",
                      "050036337366",
                      "050036337397",
                      "050036337380",
                      "050036337403",
                      "050036337373",
                      "050036336123",
                      "050036336116",
                      "050036336130",
                      "050036337441",
                      "050036336109",
                      "050036336147"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:semver/\u003c4.1.0",
                    "product": {
                      "name": "JBL Flip 4 Firmware \u003c4.1.0",
                      "product_id": "CSAFPID-21001",
                      "product_identification_helper": {
                        "model_numbers": [
                          "Flip 4"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.1.0",
                    "product": {
                      "name": "JBL Flip 4 Firmware 4.1.0",
                      "product_id": "CSAFPID-22001",
                      "product_identification_helper": {
                        "model_numbers": [
                          "Flip 4"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "Flip 4 "
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "JBL"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "JBL Flip 4 Firmware \u003c4.1.0 installed on JBL Flip 4",
          "product_id": "CSAFPID-31001",
          "product_identification_helper": {
            "skus": [
              "6925281924439",
              "6925281924415",
              "6925281924422",
              "6925281924446",
              "6925281924408",
              "6925281924545",
              "6925281922428",
              "6925281922442",
              "6925281922404",
              "6925281922411",
              "6925281922435",
              "050036337366",
              "050036337397",
              "050036337380",
              "050036337403",
              "050036337373",
              "050036336123",
              "050036336116",
              "050036336130",
              "050036337441",
              "050036336109",
              "050036336147"
            ]
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "JBL Flip 4 Firmware 4.1.0 installed on JBL Flip 4",
          "product_id": "CSAFPID-32001",
          "product_identification_helper": {
            "skus": [
              "6925281924439",
              "6925281924415",
              "6925281924422",
              "6925281924446",
              "6925281924408",
              "6925281924545",
              "6925281922428",
              "6925281922442",
              "6925281922404",
              "6925281922411",
              "6925281922435",
              "050036337366",
              "050036337397",
              "050036337380",
              "050036337403",
              "050036337373",
              "050036336123",
              "050036336116",
              "050036336130",
              "050036337441",
              "050036336109",
              "050036336147"
            ]
          }
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Justus W. Perlwitz"
          ],
          "organization": "JWP Consulting GK",
          "summary": "reporting",
          "urls": [
            "https://www.jwpconsulting.net/"
          ]
        }
      ],
      "cve": "CVE-2025-41725",
      "cwe": {
        "id": "CWE-923",
        "name": "Improper Restriction of Communication Channel to Intended Endpoints"
      },
      "discovery_date": "2025-05-22T10:00:00.000Z",
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "Affected devices running firmware versions prior to 4.1.0 may crash and become unavailable when receiving specific malformed Bluetooth messages from an unauthenticated attacker.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31001"
        ]
      },
      "release_date": "2026-02-13T11:00:00.000Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update JBL Flip 4 firmware to version 4.1.0 to remediate the issue.",
          "product_ids": [
            "CSAFPID-31001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001"
          ]
        }
      ],
      "title": "DoS vulnerability in JBL Flip 4"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…