CVE-2025-60250 | THREATINT

Description

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV.

PUBLISHED Reserved 2025-09-26 | Published 2025-09-26 | Updated 2025-09-26 | Assigner mitre

MEDIUM: 4.7CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Problem types

CWE-321 Use of Hard-coded Cryptographic Key

Product status

Default status

unknown

Any version

affected

Default status

unknown

Any version

affected

Default status

unknown

Any version

affected

Default status

unknown

Any version

affected

References

spectrum.ieee.org/unitree-robot-exploit

github.com/Bin4ry/UniPwn

news.ycombinator.com/item?id=45381590

cve.org (CVE-2025-60250)

nvd.nist.gov (CVE-2025-60250)

Download JSON

help @ threatint.eu