CVE•Published 2026-01-15•1 article on news•6 live references•NVD data
CVE-2025-36911
Vulnerability data via CVEDB (Shodan)
CVSS v3.1
7.1
HIGH
EPSS percentile
93
Exploit Prediction Scoring System · top 7% of all CVEs
Description
In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation.
Timeline
Published 2026-01-15
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan · vuln tag0 hosts
vuln:CVE-2025-36911Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · OS
os:"Android"Hosts Shodan identified as running Android.
More intel sources (5)
Shodan report
vuln:CVE-2025-36911Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2025-36911Censys host search filtered to this CVE id.
grep.app
CVE-2025-36911Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2025-36911GitHub code search for direct mentions.
Google dork
"CVE-2025-36911" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub (8)
CVE-2025-369118 repos
JesseCHale/HaleHound-CYDunknown
ESP32-DIV HaleHound Edition for Cheap Yellow Display - Multi-protocol offensive security toolkit
dannymcc/bluehoodPython
Monitor your local neighbourhood's bluetooth activity
zalexdev/strykerappJava
Magic tool for pentest from your android device!
ravens/awesome-telcoPython
A curated list of telco resources and projects
zalexdev/wpair-appKotlin
WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol. This vulnerability affects millions …
SpectrixDev/DIY_WhisperPairPython
Hijacking Bluetooth Accessories Using Google Fast Pair: WhisperPair CVE-2025-36911 Reference Implementation & Vulnerability Verification Toolkit
KULeuven-COSIC/WhisperPairTypeScript
The official reference implementation & vulnerability verification of our attack WhisperPair (CVE-2025-36911) which affects Google's Fast Pair protocol.
lshaf/unigeekC++
Next generation from M5Geek. UniGeek, support in multiple device.