Bluetooth Headphone Jacking: Full Disclosure of Airoha RACE Vulnerabilities – Insinuator.net

Researchers Dennis Heinze and Frieder Steinmetz disclose three critical vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in Airoha-based Bluetooth headphones and earbuds, allowing for unauthenticated access, eavesdropping, data extraction, and potentially arbitrary code execution by chaining these flaws. They have also released a RACE Toolkit to help users check for vulnerabilities.