Redmi Buds Flaw Exposes Call Data, Causes Crashes
A newly discovered Redmi Buds flaw exposes users to serious security risks, including data leakage and forced firmware crashes. Security researchers found two vulnerabilities in Xiaomi’s popular wireless earbuds, affecting models from the Redmi Buds 3 Pro to the 6 Pro. The flaws stem from the way the earbuds handle Bluetooth’s RFCOMM protocol, which allows nearby attackers to manipulate control signals without authentication or pairing.
One vulnerability, CVE-2025-13834, allows attackers to extract uninitialized memory, revealing sensitive data such as phone numbers. The second, CVE-2025-13328, enables a denial-of-service attack that overwhelms the firmware with traffic until it crashes and disconnects. Both attacks can be triggered remotely within a 20-meter range.
Users are advised to disable Bluetooth when not in use, especially in public areas. Xiaomi has yet to comment or issue a fix. The researchers who uncovered the issue recommend caution until firmware updates address the flaws in the affected devices.
Read the full official report here:
Redmi Buds Vulnerability Allow Attackers Access Call Data and Trigger Firmware Crashes
