CVE-2025-20702 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) found in Airoha Technology Corp.'s Bluetooth audio SDK, specifically impacting the AB156x, AB157x, AB158x, AB159x series, and AB1627 chipsets. The vulnerability arises from the RACE protocol implementation, which lacks proper authentication mechanisms for critical functions. This flaw permits an attacker to remotely access and execute privileged commands without any authentication, user interaction, or prior execution privileges. The affected SDK versions include Airoha IoT SDK for BT audio v5.5.0 and earlier, and Airoha AB1561x/AB1562x/AB1563x SDK v3.3.1 and earlier. The vulnerability has a CVSS v3.1 base score of 8.8, indicating high severity, with attack vector being adjacent network (Bluetooth), low attack complexity, no privileges required, and no user interaction needed. The impact encompasses full compromise of confidentiality, integrity, and availability of the affected devices. Although no known exploits are currently in the wild, the vulnerability’s characteristics make it a critical concern for Bluetooth-enabled IoT and audio devices using these chipsets. The lack of authentication in the RACE protocol could allow attackers to escalate privileges remotely, potentially leading to device takeover, data leakage, or denial of service.

The vulnerability poses a significant risk to organizations deploying devices based on the affected Airoha chipsets, particularly in IoT and Bluetooth audio sectors. Successful exploitation could lead to unauthorized remote control over devices, enabling attackers to escalate privileges, manipulate device functions, exfiltrate sensitive data, or disrupt device availability. This could impact consumer electronics manufacturers, enterprise IoT deployments, and critical infrastructure relying on Bluetooth audio communication. The absence of user interaction and low attack complexity increase the likelihood of exploitation in real-world scenarios. Compromised devices could serve as entry points for broader network intrusions or be leveraged in large-scale attacks such as botnets. The widespread use of these chipsets in various regions amplifies the potential global impact, affecting supply chains and end-user security.

Organizations should immediately inventory devices and products using the affected Airoha chipsets and SDK versions. Although no official patches are currently linked, monitoring vendor advisories for updates is critical. Until patches are available, mitigating exposure by restricting Bluetooth access to trusted devices and environments is essential. Implement network segmentation to isolate vulnerable devices and employ Bluetooth monitoring tools to detect anomalous RACE protocol activity. Where feasible, disable or limit RACE protocol usage. Device manufacturers should prioritize developing and deploying firmware updates that enforce robust authentication for critical functions within the RACE protocol. Additionally, incorporating runtime integrity checks and anomaly detection on Bluetooth communications can help identify exploitation attempts. Security teams should also educate users about the risks of connecting to untrusted Bluetooth devices and enforce strict device pairing policies.