If you have Redmi Buds, be careful: attackers can spy on you through them


Security researchers have discovered significant security flaws in the firmware of Xiaomi’s popular Redmi Buds series, affecting models from the Redmi Buds 3 Pro to the Redmi Buds 6 Pro. These critical vulnerabilities in the Bluetooth implementation allow attackers to access sensitive information or disconnect devices without prior pairing.

The earbuds are flawed

Two vulnerabilities were identified. The first, tracked as CVE-2025-13834, is an information leak caused by inadequate bounds checking. This flaw can operate similarly to the infamous Heartbleed bug in web servers. It occurs when the device receives a specially crafted command that causes it to read uninitialized memory, returning up to 127 bytes of data to the attacker, which could include the phone numbers of contacts on active calls.
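The bug class described above, shown as an added C example that is not Xiaomi's firmware or the researchers' code: a handler that trusts a length field in the request next to one that validates it. The frame layout, function names and stale buffer contents are constructed assumptions; only the 127-byte ceiling comes from the article.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_REPLY    127   /* the article's 127-byte leak ceiling */
#define SCRATCH_SIZE 128

/* Hypothetical frame layout (assumption): [opcode][claimed_len][payload...] */

/* Vulnerable pattern: the reply length comes from the frame's own length
 * field, so bytes past the real payload are stale scratch contents. */
size_t handle_echo_vulnerable(const uint8_t *frame, size_t frame_len,
                              uint8_t *scratch, uint8_t *reply)
{
    if (frame_len < 2 || frame_len - 2 > SCRATCH_SIZE)
        return 0;
    size_t claimed = frame[1] & 0x7F;            /* 0..127, never checked */
    memcpy(scratch, frame + 2, frame_len - 2);   /* only the received bytes */
    memcpy(reply, scratch, claimed);             /* over-read into stale data */
    return claimed;
}

/* Hardened pattern: the claimed length must not exceed what was received. */
size_t handle_echo_hardened(const uint8_t *frame, size_t frame_len,
                            uint8_t *reply)
{
    if (frame_len < 2)
        return 0;
    size_t received = frame_len - 2;
    size_t claimed = frame[1];
    if (claimed > MAX_REPLY || claimed > received)
        return 0;                                /* drop malformed frame */
    memcpy(reply, frame + 2, claimed);
    return claimed;
}

int main(void)
{
    uint8_t scratch[SCRATCH_SIZE], reply[MAX_REPLY];
    memset(scratch, 'S', sizeof scratch);        /* constructed stale data */
    const uint8_t frame[] = { 0x01, 16, 'h', 'i' };  /* claims 16, sends 2 */

    size_t n = handle_echo_vulnerable(frame, sizeof frame, scratch, reply);
    printf("vulnerable reply: %zu bytes: %.*s\n", n, (int)n, (char *)reply);
    n = handle_echo_hardened(frame, sizeof frame, reply);
    printf("hardened reply:   %zu bytes\n", n);
    return 0;
}
```

The fix is a single comparison between the claimed length and the number of bytes actually received, made before any reply is built.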

The second vulnerability, CVE-2025-13328, creates a Denial of Service (DoS) condition that is triggered by flooding the device’s control channels with valid commands. This causes a collapse in the firmware processing queue, disconnecting users from their audio source until the headphones are physically restarted.

The most alarming thing is that these attacks can be carried out from approximately twenty meters away using conventional Bluetooth scanning tools, without requiring user interaction. Attackers only need the MAC address of the headphones, which can be easily obtained through sniffing techniques.

So far, Xiaomi has not issued any statement regarding a firmware patch or specific plans to address this issue following these findings. Until this problem is resolved, users are advised to disable Bluetooth on their mobile devices when not using the headphones, especially in high-density public environments, where the risk is greater.