CVE-2022-25836: n/a in n/a
Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion.
AI Analysis
Technical Summary
CVE-2022-25836 is a high-severity vulnerability in the Bluetooth® Low Energy (BLE) pairing process as defined in Bluetooth Core Specification versions 4.0 through 5.3. It is a pairing method confusion: the two devices being paired do not end up running the same pairing method, because an unauthenticated man-in-the-middle (MITM) attacker in close physical proximity to both devices negotiates Legacy Passkey Pairing with the initiator and Secure Connections Passkey Pairing with the responder. The attacker then brute forces the passkey the user entered on the initiator and, once that passkey is known, uses it to complete authentication with the responder by exploiting the method confusion. This compromises the confidentiality and integrity of the pairing, allowing the attacker to intercept or manipulate data exchanged over the BLE connection. No prior authentication is required, but the attack does require user interaction (entering a passkey) and close physical proximity to the devices. The CVSS 3.1 base score is 7.5 (high), reflecting high attack complexity, the need for user interaction, and an impact on confidentiality and integrity but not availability. No known exploits in the wild have been reported, and no specific vendor or product is identified: this is a protocol-level vulnerability affecting all implementations compliant with the affected Bluetooth specification versions. The weakness corresponds to CWE-294 (Authentication Bypass by Capture-replay).
Potential Impact
For European organizations, this vulnerability poses a significant risk to any systems relying on Bluetooth Low Energy for secure device pairing, including IoT devices, wireless peripherals, medical devices, industrial control systems, and consumer electronics. Successful exploitation could lead to unauthorized access to sensitive data transmitted over BLE, interception of confidential communications, or unauthorized control of paired devices. This could impact data confidentiality and integrity, potentially leading to data breaches, espionage, or disruption of critical services. Sectors such as healthcare, manufacturing, transportation, and smart city infrastructure that increasingly depend on BLE-enabled devices are particularly vulnerable. The requirement for physical proximity limits remote exploitation but does not eliminate risk in environments where attackers can gain adjacent access, such as public spaces, offices, or manufacturing floors. The lack of vendor-specific patches means organizations must rely on firmware updates from device manufacturers or implement compensating controls. Given the widespread adoption of Bluetooth technology across Europe, the vulnerability could affect a broad range of devices and industries, increasing the attack surface and potential impact.
Mitigation Recommendations
1. Immediate mitigation involves ensuring that all Bluetooth-enabled devices are updated with the latest firmware or software patches provided by manufacturers once available, as the vulnerability stems from the Bluetooth specification implementation.
2. Where patches are not yet available, organizations should enforce strict physical security controls to prevent unauthorized individuals from gaining close proximity to BLE devices during pairing operations, such as secure pairing zones or supervised pairing processes.
3. Disable Legacy Pairing modes on devices where possible, favoring Secure Connections-only modes to eliminate the pairing method confusion exploited by the attacker.
4. Implement monitoring and anomaly detection for unusual Bluetooth pairing attempts or repeated passkey entry failures that may indicate brute force attempts.
5. Educate users to be vigilant during pairing, ensuring they only pair devices in trusted environments and verify device identities.
6. For critical environments, consider using additional layers of authentication or encryption beyond BLE pairing, such as application-layer encryption or VPNs, to protect data even if BLE pairing is compromised.
7. Engage with device vendors to confirm their Bluetooth stack versions and request timelines for patches addressing this vulnerability.
8. Review and update Bluetooth device usage policies to minimize unnecessary pairing operations and restrict BLE usage to essential devices only.
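The following is an added worked example, not part of this advisory and not code from any Bluetooth stack. It models the two defender-side controls that the Technical Summary and mitigation items 3 and 4 describe: a Secure Connections-only policy that refuses any peer whose SMP Pairing Request or Response does not set the SC bit (so a MITM cannot hold this side on Legacy Passkey Pairing while running Secure Connections with the other device), and a monitor that counts repeated "Passkey Entry Failed" pairing failures per peer address, with the exponential wait the specification prescribes after repeated attempts. Assumptions: the 7-byte SMP Pairing Request/Response layout and AuthReq bit positions (MITM = bit 2, SC = bit 3) follow Bluetooth Core Spec Vol 3, Part H, 3.5.1, and the Pairing Failed reason codes used (0x01 Passkey Entry Failed, 0x03 Authentication Requirements, 0x09 Repeated Attempts) follow 3.5.5; the log line format, the peer addresses and the backoff constants are constructed for the example.

```python
"""Added example: SC-only pairing policy and repeated-passkey-failure monitor.

Not taken from the advisory or from any Bluetooth stack. SMP field layout and
reason codes are assumed from Bluetooth Core Spec Vol 3, Part H; the log
format, addresses and backoff constants below are constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Union

SMP_PAIRING_REQUEST = 0x01
SMP_PAIRING_RESPONSE = 0x02
AUTHREQ_MITM = 0x04          # AuthReq bit 2: MITM protection requested
AUTHREQ_SC = 0x08            # AuthReq bit 3: LE Secure Connections supported
REASON_PASSKEY_ENTRY_FAILED = 0x01
REASON_AUTH_REQUIREMENTS = 0x03
REASON_REPEATED_ATTEMPTS = 0x09


@dataclass(frozen=True)
class PairingFeatures:
    """The six feature bytes that follow the opcode in a Pairing Request/Response."""
    io_capability: int
    oob_flag: int
    authreq: int
    max_key_size: int
    init_key_dist: int
    resp_key_dist: int

    @property
    def secure_connections(self) -> bool:
        return bool(self.authreq & AUTHREQ_SC)

    @property
    def mitm(self) -> bool:
        return bool(self.authreq & AUTHREQ_MITM)


def parse_pairing_features(pdu: bytes) -> PairingFeatures:
    """Decode a 7-byte SMP Pairing Request or Pairing Response PDU."""
    if len(pdu) != 7 or pdu[0] not in (SMP_PAIRING_REQUEST, SMP_PAIRING_RESPONSE):
        raise ValueError("expected a 7-byte SMP Pairing Request or Pairing Response")
    return PairingFeatures(*pdu[1:])


def select_pairing(local: PairingFeatures, peer: PairingFeatures,
                   sc_only: bool) -> Union[str, int]:
    """Choose the pairing method as the spec does: Secure Connections only when
    both sides set the SC bit, legacy otherwise. In SC-only mode a peer without
    the SC bit is refused with Pairing Failed reason 0x03, which is mitigation
    item 3: this side can no longer be steered onto Legacy Passkey Pairing."""
    if local.secure_connections and peer.secure_connections:
        return "secure_connections"
    if sc_only:
        return REASON_AUTH_REQUIREMENTS
    return "legacy"


# Constructed log format (hypothetical): "<timestamp> peer=<addr> event=<name> reason=0x<hex>"
LOG_RE = re.compile(
    r"peer=(?P<peer>[0-9A-F:]{17}) event=(?P<event>\w+) reason=0x(?P<reason>[0-9a-fA-F]{2})"
)

# Constructed sample: four passkey failures from one peer around one clean pairing.
SAMPLE_LOG = """\
2025-01-01T10:00:01 peer=AA:BB:CC:DD:EE:01 event=pairing_failed reason=0x01
2025-01-01T10:00:03 peer=AA:BB:CC:DD:EE:01 event=pairing_failed reason=0x01
2025-01-01T10:00:05 peer=AA:BB:CC:DD:EE:01 event=pairing_failed reason=0x01
2025-01-01T10:00:09 peer=AA:BB:CC:DD:EE:02 event=pairing_complete reason=0x00
2025-01-01T10:00:12 peer=AA:BB:CC:DD:EE:01 event=pairing_failed reason=0x01
"""


def flag_repeated_passkey_failures(log: str, threshold: int = 3) -> Dict[str, int]:
    """Mitigation item 4: count Passkey Entry Failed (0x01) events per peer and
    report peers at or above the threshold. Other failure reasons are ignored
    so that a single typo or a refused legacy request does not raise an alert."""
    failures: Counter = Counter()
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if (m and m["event"] == "pairing_failed"
                and int(m["reason"], 16) == REASON_PASSKEY_ENTRY_FAILED):
            failures[m["peer"]] += 1
    return {peer: n for peer, n in failures.items() if n >= threshold}


def backoff_seconds(consecutive_failures: int, base: int = 1, cap: int = 64) -> int:
    """Wait to impose before accepting another pairing attempt from the same
    peer: doubles per failure up to a cap, in the spirit of the spec's Repeated
    Attempts rule (reason 0x09). base and cap are constructed values."""
    if consecutive_failures <= 0:
        return 0
    return min(base * 2 ** (consecutive_failures - 1), cap)


if __name__ == "__main__":
    local = parse_pairing_features(bytes([0x01, 0x04, 0x00, 0x0D, 0x10, 0x01, 0x01]))
    peer = parse_pairing_features(bytes([0x02, 0x04, 0x00, 0x05, 0x10, 0x01, 0x01]))
    print("SC-only decision for legacy peer:", select_pairing(local, peer, sc_only=True))
    flagged = flag_repeated_passkey_failures(SAMPLE_LOG)
    print("peers with repeated passkey failures:", flagged)
    for addr, n in flagged.items():
        print(f"{addr}: wait {backoff_seconds(n)} s before next attempt")
```

The AuthReq byte 0x0D in the local request sets bonding, MITM and SC; the peer's 0x05 sets bonding and MITM but not SC, which is exactly the profile of a device that has been talked down to Legacy Passkey Pairing. With `sc_only=True` the policy returns reason 0x03 instead of a method name, and the monitor reports the address that produced four passkey failures.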
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-02-24T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d9848c4522896dcbf5e63
Added to database: 5/21/2025, 9:09:28 AM
Last enriched: 6/21/2025, 4:39:07 PM
Last updated: 8/7/2025, 10:27:18 AM