Jabra Security Center

Jabra's commitment to product security

At Jabra, we take security and privacy seriously and we commit to doing our best to secure our products and maintaining our customers' trust.

As part of this commitment, Jabra supports its products with security updates and, where appropriate, mitigations for vulnerabilities that may affect the confidentiality, integrity, or availability of our products, throughout the support period for each product.

A woman wearing a Jabra Engage 55 Convertible headset with a microphone, engaged in a conversation or virtual meeting

Product Vulnerability Disclosure Policy

Introduction

Jabra is committed to the security and assurance of all our products and services. We recognize the important role that independent security researchers and other members of the security community play in helping to protect our systems and data. To support this, Jabra welcomes vulnerability reports about our products so that our teams can collaborate with reporters to investigate the issue and, where appropriate, coordinate a security fix.

This policy defines Jabra’s Vulnerability Disclosure Program for security vulnerabilities in Jabra products and services. As part of this is described how to report vulnerabilities in a responsible way.

A male office worker using a Jabra Engage 50 II headset while focused on his computer work

Scope

The Product Vulnerability Disclosure Policy addresses all products and services, including software and hardware, sold under the Jabra brand.

We welcome reports about security vulnerabilities that impact the confidentiality, integrity, or availability of Jabra products and services, including unauthorized access, privilege escalation, code execution, or data exposure issues, provided they are not listed as out of scope below:

Suggestion on configuration management and/or misconfigurations based on best practices.
Weak TLS/SSL configuration and certificates, including insecure cipher suites.
UI/UX bugs.

Our product vulnerability policy is designed to address vulnerabilities within our own products. Any vulnerabilities related to third-party vendors fall outside of this policy and should be reported directly to the vendor according to their disclosure policy (if any).

Jabra Evolve2 55 headset on cluttered office desk

Compliance with the policy

If acting in good faith when reporting vulnerabilities under this policy, Jabra will not pursue civil action or support any legal action related to your security research activity for accidental, good faith violations of this policy, or initiate a complaint to law enforcement for unintentional violations.

We encourage you to contact us - using the contact information below - for clarification before engaging in conduct that may be inconsistent with or unaddressed by the policy.

Guidelines

When trying to exploit a potential vulnerability, you must always consider the following conditions:

Do not disrupt or perform actions that may negatively affect Jabra or our customers (denial of service, use malware…).
Destructive testing (including denial of service, data destruction, or malware deployment) is not accepted.
Do not attempt to access any Jabra data, information, or systems
Do not modify, corrupt, or destroy -or attempt to do so- Jabra's data, information or systems, or any data that might compromise the privacy or safety of Jabra's customers or third parties
Do not social engineer any Jabra employee or personnel related to the company in any way.
Do not violate any laws or breach any agreements to discover a vulnerability.
Treat any potential vulnerability responsibly and refrain from disclosing information to the public or third parties but report the vulnerability to us.

Report a vulnerability

If you have discovered a security vulnerability affecting a Jabra product or service, please submit a vulnerability report using this form

Provide the following information:

A detailed description of the suspected vulnerability, including the type of issue, product and version affected, date of discovery, and any potential configuration applied to the product.
Step-by-step instructions required to reproduce the vulnerability. If possible, provide screenshots or any other media that supports the process.
Any additional information that might be of help when assessing the vulnerability.

If Personal Identifiable Information (PII) or any other confidential information is disclosed, report it to us while complying with applicable laws, i.e. limit your access to PII and any other confidential information and refrain from storing, saving, or transferring the data.

Procedure after reporting a vulnerability

Upon receipt, Jabra will acknowledge the report, and we will investigate it and work out a fix to the vulnerability if validated. In this regard, an open confidential dialogue will be encouraged, and we might request additional information from you to help with the resolution.

Jabra commits to:

Acknowledge receipt of your report within 3 business days.
Assess the report to determine whether we can reproduce the issue, whether it is in scope, and its potential severity. For reports that contain sufficient detail, we aim to provide an assessment within 2 weeks of acknowledgement.
Communicate the outcome of our assessment to you and request any additional information if needed.
For confirmed vulnerabilities, we will prioritize remediation based on severity, exploitability, and potential impact. We will provide periodic updates on our progress (at least every 30 days) until a fix or mitigation has been released, or we have decided that no fix will be made.

For confirmed vulnerabilities, we will prioritize remediation based on severity, exploitability, and potential impact. We will provide periodic updates on our progress (at least every 30 days) until a fix or mitigation has been released, or we have decided that no fix will be made.

Different product models may have unique architecture, firmware versions, and underlying technologies. Consequently, the development and testing of security patches can vary. We commit to addressing vulnerabilities across all affected models but acknowledge that delivery times may differ. Security patches might require patch input from third party vendors that might influence overall timeline of mitigating vulnerabilities.

Public acknowledgement, notification, and compensation

Keep in mind that our customers' security is a priority and therefore we need to give them enough time to apply any fix that has been developed to remediate the vulnerability. In that regard, we request you not to disclose publicly any information about the vulnerability until the whole process has been completed, including the release of the fix, public disclosure of the vulnerability, and notification to our users and customers (if required).

Whenever applicable, Jabra will coordinate with you on a public disclosure of the vulnerability. Be informed that Jabra currently doesn't offer any monetary compensation nor bug bounty program for discovered vulnerabilities but an acknowledgment to the reporting person can be posted together with the security disclosure from Jabra.

Male office worker wearing a Jabra Engage 55 headset

Security advisories

DATE (dd-mm-yyyy)	ID	INFORMATION
27/05/2026	CVE-2025-22871 CVE-2024-24790 CVE-2023-2453 CVE-2023-29827	The vulnerabilities have been fully addressed in Jabra Direct release 8.1.14601. The main vulnerabilities were resolved by upgrading the Angular architecture framework used for the desktop application.
23/01/2026	CVE-2025-36911	A vulnerability in Google Fast Pair (CVE‑2025‑36911 referred to as WhisperPair) could allow an attacker within Bluetooth range to impersonate a trusted device, potentially enabling unauthorized pairing, device control, audio interception, or limited device‑tracking. With FW 4.6.0 (Jabra Elite 8 Active and Jabra Elite 10 Gen 1) and FW 2.6.0 (Jabra Elite 8 Active and Jabra Elite 10 Gen 2) this vulnerability is mitigated.
29/09/2025	CVE-2025-20700 CVE-2025-20701 CVE-2025-20702	The vulnerability allowed attackers within Bluetooth range to access the headset without pairing or authentication. In rare cases, this could result in unauthorized control of the headset, microphone eavesdropping, or access to recent call or media activity. It has been fully addressed in Jabra Perform 75 (FW 2.28.0). The vulnerability was resolved by 29/09/2025.
19/09/2025	CVE-2025-20700 CVE-2025-20701 CVE-2025-20702	The vulnerability allowed attackers within Bluetooth range to access the headset without pairing or authentication. In rare cases, this could result in unauthorized control of the headset, microphone eavesdropping, or access to recent call or media activity. It has been fully addressed in Jabra Elite 8 Active Gen 1 (FW 4.5.0), Jabra Elite 10 Gen 1 (FW 4.5.0), Jabra Elite 8 Active Gen 2 (FW 2.5.0) and Jabra Elite 10 Gen 2 (FW 2.5.0). The vulnerability was resolved by 11/09/2025.
29/04/2025	CVE-2025-2783	The vulnerability has been fully addressed in Jabra Direct release 6.22.11401 The vulnerability was resolved by upgrading the Electron framework used for the desktop application.
26/09/2024	Secure pairing in DECT products	A potential security vulnerability affecting secure pairing between DECT headset and Engage DECT base has been addressed in firmware release 5.18.1, which is applicable to: Engage 45 SE, Engage 55 /55 SE, Engage 65 /65 SE, Engage 75 /75 SE
15/04/2024	Arbitrary Code Execution in Jabra Direct Online application	A potential vulnerability initially reported by RIPEDA Consulting on 2023-12-23 affecting the handling of the Electron fuse 'RunAsNode' has been addressed in Jabra Direct release 6.14.08801
19/03/2024	CVE-2023-4863 (update)	The vulnerability has been fully addressed in Jabra Direct release 6.13.01801 while Personal Base Screen Image feature has been reverted back
18/10/2023	CVE-2023-4863	The vulnerability has been addressed in Jabra Direct release 6.11.28601 by removing the Personal Base Screen Image which was available for Jabra Engage 75
22/04/2021	Security Incident Bulletin Version 2.0	KNOB and BIAS Bluetooth vulnerabilities

Jabra Security Center

Jabra's commitment to product security

Product Vulnerability Disclosure Policy

Introduction

Scope

Compliance with the policy

Guidelines

Report a vulnerability

Provide the following information:

Procedure after reporting a vulnerability

Public acknowledgement, notification, and compensation

Security advisories

About us

Support resources

FAQs

Get in touch

Jabra Security Center

Jabra's commitment to product security

Product Vulnerability Disclosure Policy

Introduction

Scope

Compliance with the policy

Guidelines

Procedure after reporting a vulnerability

Public acknowledgement, notification, and compensation

Security advisories

About us

Support resources

FAQs

Get in touch