Login Sign Up

CVE-2025-32877

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

COROS PACE 3 smartwatches through firmware version 3.0808.0 incorrectly identify themselves as devices without input/output capabilities, forcing Bluetooth Low Energy (BLE) pairing to use the 'Just Works' method that lacks authentication. This allows attackers to perform machine-in-the-middle attacks and interact with the device via BLE without authorization. All users of affected COROS PACE 3 devices are vulnerable.

💻 Affected Systems

Products:
  • COROS PACE 3
Versions: through 3.0808.0
Operating Systems: Device firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected firmware versions are vulnerable by default when BLE is enabled.

📦 What is this software?

Coros Pace 3 Firmware by Yftech

View all CVEs affecting Coros Pace 3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could intercept and manipulate all BLE communications, potentially accessing sensitive health/fitness data, injecting malicious commands, or compromising device functionality.

🟠

Likely Case

Attackers within BLE range could eavesdrop on device communications, access personal data, or send unauthorized commands to the device.

🟢

If Mitigated

With proper controls like disabling BLE when not needed or using physical isolation, risk is limited to specific attack windows.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires physical proximity (BLE range) and basic BLE attack tools. The vulnerability is well-documented in public advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check COROS support for latest firmware

Vendor Advisory: https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes

Restart Required: Yes

Instructions:

1. Open COROS app on paired smartphone. 2. Navigate to device settings. 3. Check for firmware updates. 4. Install available update. 5. Device will restart automatically.

🔧 Temporary Workarounds

Disable BLE when not in use

all

Turn off Bluetooth on the device to prevent BLE connections entirely

Use physical isolation

all

Keep device in secure location when not actively using BLE features

🧯 If You Can't Patch

  • Keep device in airplane mode or disable Bluetooth completely
  • Only enable BLE in trusted, controlled environments

🔍 How to Verify

Check if Vulnerable:

Check device firmware version in COROS app settings. If version is 3.0808.0 or earlier, device is vulnerable.

Check Version:

Check via COROS app: Device Settings > About > Firmware Version

Verify Fix Applied:

After updating, verify firmware version is newer than 3.0808.0 in device settings.

📡 Detection & Monitoring

Log Indicators:

  • Unusual BLE connection attempts
  • Multiple failed pairing attempts from unknown devices

Network Indicators:

  • Unexpected BLE traffic patterns
  • BLE connections from unauthorized MAC addresses

SIEM Query:

Not applicable for consumer wearable devices

📊 Metadata

CVE ID: CVE-2025-32877
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-287
EPSS Score: 0.15% exploit probability (35.9th percentile)
Published: June 20, 2025
Last Updated: July 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-32877, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)
CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)
CVE-2026-20127 10.0

This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager al...

Same vulnerability type (CWE-287)