Cyber Resilience

CVE-2025-69821

High · Public PoC

Published: 22 January 2026

Modified: 02 February 2026
KEV Added
Patch
CVSS Score v3.1: 7.4 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
EPSS Score: 0.0002 (3.7th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-69821 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Beatxp Vega Smartwatch Firmware. Its CVSS base score is 7.4 (High).

Operationally, it is ranked at the 3.7th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-40 (Wireless Link Protection) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2025-69821 is a vulnerability affecting the Beat XP VEGA Smartwatch on Firmware Version RB303ATV006229. The issue enables an attacker to trigger a denial of service condition through the Bluetooth Low Energy (BLE) connection and is associated with CWE-404. Published on 2026-01-22, it carries a CVSS v3.1 base score of 7.4, reflecting its potential severity.

Exploitation requires adjacent network access (AV:A), such as physical proximity to the device, with low attack complexity (AC:L), no privileges (PR:N), and no user interaction (UI:N). The attack has a changed scope (S:C) and results in high availability impact (A:H) with no confidentiality or integrity effects (C:N/I:N), allowing an unauthenticated nearby attacker to disrupt the smartwatch's functionality, potentially rendering it unresponsive.

References point to a GitHub repository and an accompanying PDF security assessment report on the Beat XP Vega Smartwatch, which likely detail the findings but do not specify official patches or mitigations in the provided information.

EU & UK References

Vulnerability details

An issue in Beat XP VEGA Smartwatch (Firmware Version - RB303ATV006229) allows an attacker to cause a denial of service via the BLE connection

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-57654 · Shared CWE-404
CVE-2026-1684 · Shared CWE-404
CVE-2024-57661 · Shared CWE-404
CVE-2026-1172 · Shared CWE-404
CVE-2026-1587 · Shared CWE-404
CVE-2026-1875 · Shared CWE-404
CVE-2025-22846 · Shared CWE-404
CVE-2026-2108 · Shared CWE-404
CVE-2026-1586 · Shared CWE-404
CVE-2026-1522 · Shared CWE-404

Affected Assets

beatxp
vega smartwatch firmware
rb303atv006229

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent · detect

Directly implements protections against denial-of-service conditions triggered over network connections such as BLE.

prevent

Applies cryptographic and integrity protections to wireless links (BLE) to block unauthenticated or malformed traffic that can cause DoS.

prevent

Restricts and monitors wireless network access, limiting exposure of the smartwatch BLE interface to adjacent attackers.

References