I am concerned with the MAC spoofing on a Bluetooth LE Device. Is it possible during only the bonding or would be possible in any step of the connection (pairing, bonding, scan, data exchange, etc...)
Yes, it is achievable.
Mike Ryan from iSEC Partners used specific hardware to achieve injection, in his article Bluetooth: with low energy comes low security
From Ubertooth we send undirected advertising messages broadcasting the existence of a device with a user-specified MAC address.
And here is the presentation at Usenix WOOT'13 conference.