Vulnerability Details CVE-2025-48705
An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to reboot.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.0%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-48705
-
cpe:2.3:h:yftech:coros_pace_3:-
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0308.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0408.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0409.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0508.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0510.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.07.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0708.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0709.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.08.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.0808.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.09.0
-
cpe:2.3:o:yftech:coros_pace_3_firmware:3.13.0