Unrated severityNVD Advisory· Published May 22, 2025· Updated May 22, 2025

Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability

CVE-2025-3885

Description

Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23942.

Affected products

Harman Becker/Mgu21v5
Range: MGU21_22-07 firmware with BCM89359 wireless chipset; LMP Version: 5.0 (0x9); LMP Subversion: 0x420d

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.zerodayinitiative.com/advisories/ZDI-25-251/mitrex_research-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000