Vulnerability Details CVE-2025-32880
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication is not encrypted and allows sniffing and machine-in-the-middle attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.7%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2025-32880
-
cpe:2.3:h:yftech:coros_pace_3:-
-
cpe:2.3:o:yftech:coros_pace_3_firmware:*