Vulnerability Details CVE-2025-32880
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication is not encrypted and allows sniffing and machine-in-the-middle attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.1%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2025-32880
-
cpe:2.3:h:yftech:coros_pace_3:-
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0308.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0408.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0409.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0508.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0510.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.07.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0708.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0709.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.08.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0808.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.09.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.13.0