Login Sign Up

CVE-2025-32880

9.8 CRITICAL

📋 TL;DR

COROS PACE 3 smartwatches download firmware updates over unencrypted HTTP connections, allowing attackers on the same WLAN network to intercept and potentially modify firmware files. This affects all COROS PACE 3 users with firmware up to version 3.0808.0 who connect their devices to Wi-Fi networks.

💻 Affected Systems

Products:
  • COROS PACE 3
Versions: through 3.0808.0
Operating Systems: COROS proprietary firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability only triggers when device connects to Wi-Fi networks for firmware updates. Bluetooth connections are not affected.

📦 What is this software?

Coros Pace 3 Firmware by Yftech

View all CVEs affecting Coros Pace 3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could deliver malicious firmware that compromises the device completely, enabling data theft, device control, or physical harm through incorrect biometric readings.

🟠

Likely Case

Attackers intercept firmware updates to analyze device behavior, steal personal data, or deliver modified firmware that appears legitimate but contains backdoors.

🟢

If Mitigated

With proper network segmentation and monitoring, attackers would be limited to sniffing unencrypted traffic without being able to deliver malicious payloads.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires attacker to be on same WLAN network as the device during firmware update process. No authentication bypass needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check COROS support for latest firmware

Vendor Advisory: https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes

Restart Required: Yes

Instructions:

1. Open COROS app on paired smartphone. 2. Navigate to Device Settings > Firmware Update. 3. Install latest available firmware. 4. Restart watch after update completes.

🔧 Temporary Workarounds

Disable Wi-Fi firmware updates

all

Prevent device from downloading firmware over Wi-Fi by disabling Wi-Fi connectivity

Settings > Connectivity > Wi-Fi > Off

Use trusted networks only

all

Only connect device to secure, trusted Wi-Fi networks with strong encryption

🧯 If You Can't Patch

  • Never connect device to public or untrusted Wi-Fi networks
  • Monitor network traffic for HTTP firmware download attempts and block them at firewall

🔍 How to Verify

Check if Vulnerable:

Check firmware version in COROS app: Device Settings > About > Firmware Version. If version is 3.0808.0 or earlier, device is vulnerable.

Check Version:

COROS app: Device Settings > About > Firmware Version

Verify Fix Applied:

After updating, verify firmware version is newer than 3.0808.0 and check that firmware downloads now use HTTPS instead of HTTP.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to firmware download servers
  • Unusual firmware update activity

Network Indicators:

  • HTTP traffic to COROS firmware servers on port 80
  • Firmware file downloads without TLS encryption

SIEM Query:

destination_port:80 AND (http.host:*.coros.com OR http.uri:*firmware*)

📊 Metadata

CVE ID: CVE-2025-32880
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-319
EPSS Score: 0.05% exploit probability (13.9th percentile)
Published: June 20, 2025
Last Updated: July 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-32880, you might also want to check these:

CVE-2023-33730 9.8

CVE-2023-33730 is a critical privilege escalation vulnerability in Microworld Technologies eScan Man...

Same vulnerability type (CWE-319)
CVE-2022-21829 9.8

This vulnerability in Concrete CMS allows authenticated high-privilege users to download zip files o...

Same vulnerability type (CWE-319)
CVE-2020-5426 9.8

CVE-2020-5426 allows attackers to intercept UAA client tokens transmitted in plaintext over non-TLS ...

Same vulnerability type (CWE-319)