Critical Bluetooth Vulnerabilities Expose Xiaomi Redmi Buds to Data Leaks and DoS Attacks
Security researchers have identified two severe vulnerabilities in the firmware of Xiaomi’s Redmi Buds series, affecting models from the Redmi Buds 3 Pro to the Redmi Buds 6 Pro. The flaws, rooted in the devices’ Bluetooth implementation, enable attackers to extract sensitive data or force disconnections, all without requiring pairing or user interaction.
The first vulnerability, CVE-2025-13834, is an information leak caused by improper bounds checking in the RFCOMM protocol. When exploited with a malformed TEST command, the firmware reads from uninitialized memory, returning up to 127 bytes of data, including phone numbers from active calls. The flaw mirrors the infamous Heartbleed bug, allowing repeated, undetected data extraction.
The second, CVE-2025-13328, is a Denial of Service (DoS) flaw triggered by flooding the device with legitimate TEST or Modem Status Command frames. This overwhelms the firmware, causing a crash that disconnects the earbuds from the paired device. Recovery requires physically resetting the earbuds in their charging case.
Exploitation is alarmingly simple: Attackers only need the MAC address of the target earbuds, obtainable via standard Bluetooth sniffing tools. Tests confirmed attacks can be executed from up to 20 meters away, though physical barriers may reduce range. No authentication or user interaction is required, making the vulnerabilities particularly dangerous in public spaces where Bluetooth sniffing is feasible.
As of disclosure, Xiaomi has not released a firmware patch to address the flaws. The vulnerabilities were discovered by researchers Choongin Lee, Jiwoong Ryu, and Heejo Lee, with no official remediation timeline provided. Until fixes are deployed, users remain exposed to privacy breaches and persistent disruptions.
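The bounds check that the CVE-2025-13834 description says is missing, shown as an added example in C; this is not Xiaomi firmware or the researchers' code. The handler name and buffers are hypothetical, and the failure mode it guards against (a TEST length octet claiming more data than the frame carries) is an assumption based on the Heartbleed comparison above. The message layout follows the TS 07.10 multiplexer control format that RFCOMM uses, where a single length octet can claim at most 127 bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TS 07.10 multiplexer control message: [type][length][value ...] */
#define MCC_TEST_CMD 0x23 /* TEST type 0x08 << 2, C/R = 1, EA = 1 */
#define MCC_TEST_RSP 0x21 /* same type, C/R = 0 */

/* Hypothetical TEST handler: builds the echo response in out.
 * Returns the response length, or -1 if the message is rejected. */
int handle_test_cmd(const uint8_t *rx, size_t rx_len,
                    uint8_t *out, size_t out_cap)
{
    if (rx == NULL || out == NULL || rx_len < 2)
        return -1;                 /* too short to hold type + length */
    if (rx[0] != MCC_TEST_CMD)
        return -1;
    if ((rx[1] & 0x01) == 0)
        return -1;                 /* multi-octet length: not accepted here */

    size_t declared = rx[1] >> 1;  /* 7-bit length claimed by the sender, 0..127 */
    size_t received = rx_len - 2;  /* value bytes that actually arrived */

    /* The check: echo only bytes that were received. Trusting `declared`
     * alone would copy whatever follows the payload in the buffer. */
    if (declared != received)
        return -1;
    if (out_cap < declared + 2)
        return -1;                 /* response would not fit */

    out[0] = MCC_TEST_RSP;
    out[1] = rx[1];
    memcpy(out + 2, rx + 2, declared);
    return (int)(declared + 2);
}

int main(void)
{
    /* Constructed sample messages, not captured traffic. */
    const uint8_t ok[]  = {MCC_TEST_CMD, (3 << 1) | 1, 'a', 'b', 'c'};
    const uint8_t bad[] = {MCC_TEST_CMD, (127 << 1) | 1, 'a'};
    uint8_t out[2 + 127];

    printf("consistent length -> %d\n", handle_test_cmd(ok, sizeof ok, out, sizeof out));
    printf("over-long claim   -> %d\n", handle_test_cmd(bad, sizeof bad, out, sizeof out));
    return 0;
}
```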
Source: https://cybersecuritynews.com/redmi-buds-vulnerability/
Xiaomi Technology cybersecurity rating report: https://www.rankiteo.com/company/xiaomi-technology
"id": "XIA1768816067",
"linkid": "xiaomi-technology",
"type": "Vulnerability",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Users of Xiaomi Redmi Buds 3 '
                                              'Pro to 6 Pro',
                        'industry': 'Consumer Electronics',
                        'name': 'Xiaomi',
                        'type': 'Company'}],
 'attack_vector': 'Bluetooth (RFCOMM protocol)',
 'customer_advisories': 'Users remain exposed to privacy breaches and '
                        'disruptions until fixes are deployed.',
 'data_breach': {'data_exfiltration': 'Yes (via malformed TEST commands)',
                 'personally_identifiable_information': 'Phone numbers',
                 'sensitivity_of_data': 'Personally identifiable information '
                                        '(PII)',
                 'type_of_data_compromised': 'Phone numbers'},
 'description': 'Security researchers have identified two severe '
                'vulnerabilities in the firmware of Xiaomi’s Redmi Buds '
                'series, affecting models from the Redmi Buds 3 Pro to the '
                'Redmi Buds 6 Pro. The flaws, rooted in the devices’ Bluetooth '
                'implementation, enable attackers to extract sensitive data or '
                'force disconnections without requiring pairing or user '
                'interaction.',
 'impact': {'brand_reputation_impact': 'Privacy breaches and disruption risks',
            'data_compromised': 'Phone numbers from active calls',
            'downtime': 'Disconnection requiring physical reset',
            'operational_impact': 'Persistent disruptions to device '
                                  'functionality',
            'systems_affected': 'Xiaomi Redmi Buds (models 3 Pro to 6 Pro)'},
 'investigation_status': 'Vulnerabilities disclosed, no patch released',
 'post_incident_analysis': {'root_causes': 'Improper bounds checking in RFCOMM '
                                           'protocol, firmware crash due to '
                                           'flooding'},
 'recommendations': 'Users should avoid using affected earbuds in public '
                    'spaces until a firmware patch is released.',
 'references': [{'source': 'Security researchers (Choongin Lee, Jiwoong Ryu, '
                           'Heejo Lee)'}],
 'title': 'Critical Bluetooth Vulnerabilities Expose Xiaomi Redmi Buds to Data '
          'Leaks and DoS Attacks',
 'type': ['Information Leak', 'Denial of Service (DoS)'],
 'vulnerability_exploited': ['CVE-2025-13834', 'CVE-2025-13328']}