Redmi Buds firmware flaws expose call data and enable device crashes

What happened

The Redmi Buds firmware flaws expose call data and enable device crashes after advisories confirmed two vulnerabilities in Bluetooth firmware of Xiaomi Redmi Buds 3 Pro through Redmi Buds 6 Pro. These issues stem from improper handling of RFCOMM protocol frames in Bluetooth Classic stacks, allowing an unauthenticated attacker within wireless range to interact with undocumented channels. One flaw, tracked as CVE-2025-13834, could leak portions of call-related data, while another, CVE-2025-13328, allows repeated firmware crashes (denial-of-service) via RFCOMM flooding. The vulnerabilities exist in HFP, A2DP, and AVRCP profiles and arise from inadequate validation of incoming packet lengths and resource exhaustion handling. Because the exploit does not require prior pairing and operates over Bluetooth, nearby attackers can trigger these conditions when devices are in radio proximity. 

Who is affected

Owners of Redmi Buds 3 Pro, 4, 5, and 6 Pro earbuds and similar Bluetooth accessories face direct exposure when in proximity to attackers. Organizations that permit such peripherals near corporate systems may indirectly face privacy or operational issues.

Why CISOs should care

Bluetooth accessory vulnerabilities extend the corporate attack surface and can lead to information leakage or disruptions, especially when such peripherals connect to enterprise devices or networks. 

3 practical actions

• Apply firmware updates: Ensure firmware patches are installed for affected Redmi Buds models.

• Control Bluetooth peripherals: Restrict use of untrusted Bluetooth devices on corporate assets.

• Monitor wireless anomalies: Detect unusual Bluetooth interactions indicating potential exploit attempts.