miduil 5 hours ago
Yes, sorry, I just updated my comment shortly before you replied. This is CVE-2025-36911; the other ones were CVE-2025-20700, CVE-2025-20701, CVE-2025-20702. Coincidentally, a similar set of headphones is affected. This one also has a pairing vulnerability, but I assume Fast Pair is on the BLE level:

> To start the Fast Pair procedure, a Seeker (a phone) sends a message to the Provider (an accessory) indicating that it wants to pair.

> [...] allowing unauthorised devices to start the pairing process [...]

It's a pity that this is only awarded with $15k. This is a really bad vulnerability - which clearly required thoughtful investigation, publishing, reporting, ... and would have a much bigger audience in the exploit market.