BLE GATT Service Vulnerability in JBL Headphones

VDE-2024-076

Last update

12/10/2025 08:00

Published at

12/10/2025 08:00

Vendor(s)

Harman International

External ID

HBSA-2025-0001

CSAF Document

Download

Summary

Due to improper BLE security configurations and lack of authentication on the GATT server of JBL LIVE PRO 2 TWS and JBL TUNE FLEX Headphones, unauthenticated users can read and write device control commands through the mobile app service.

Impact

The vulnerabilities in headphones allow attackers to control settings, eavesdrop on data exchanges, and tamper with the device by sending altered firmware updates, potentially leading to unauthorized code execution or rendering the device unusable.

Affected Product(s)

Model no.	Product name	Affected versions
	JBL LIVE PRO 2 TWS	JBL LIVE PRO 2 TWS
	JBL TUNE FLEX	JBL TUNE FLEX

Vulnerabilities

Expand / Collapse all

Published

12/10/2025 11:59

Severity

8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Missing Authentication for Critical Function (CWE-306)

References

cve.org | nvd.nist.gov

Mitigation

There is no known mitigation at this moment.

Remediation

There is no known remediation at this moment.

Acknowledgments

Harman International thanks the following parties for their efforts:

CERT@VDE for coordinating (see https://certvde.com )
Mattar Bernhard from Hummus Sec for reporting

Revision History

Version	Date	Summary
1.0.0	12/10/2025 08:00	Initial version