
THREATINT
PUBLISHED

CVE-2025-2894

Unitree Go1 Robot Dog Backdoor Control Channel



Description

The Go1, also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can give the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device through the CloudSail remote access service.

Reserved 2025-03-28 | Published 2025-03-28 | Updated 2025-04-03 | Assigner AHA


MEDIUM: 6.6 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-912: Hidden Functionality

Product status

Default status: unaffected

2022_05_11_e0d0e617: affected

Credits

Andreas Makris (finder)

Kevin Finisterre (finder)

todb (coordinator)

References

github.com/...shuTechUnitreeGo1/blob/main/Unitree_report.pdf technical-description

x.com/d0tslash/status/1730989109332607208 related

github.com/unitreerobotics/unitree_ros/issues/120 issue-tracking

takeonme.org/cves/cve-2025-2894/ third-party-advisory

www.axios.com/...r-in-chinese-robots-future-of-cybersecurity media-coverage

cve.org (CVE-2025-2894)

nvd.nist.gov (CVE-2025-2894)
