CVE-2025-60251 | THREATINT

Description

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring.

PUBLISHED Reserved 2025-09-26 | Published 2025-09-26 | Updated 2025-09-26 | Assigner mitre

MEDIUM: 5.0CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status

unknown

Any version

affected

Default status

unknown

Any version

affected

Default status

unknown

Any version

affected

Default status

unknown

Any version

affected

References

spectrum.ieee.org/unitree-robot-exploit

github.com/Bin4ry/UniPwn

news.ycombinator.com/item?id=45381590

cve.org (CVE-2025-60251)

nvd.nist.gov (CVE-2025-60251)

Download JSON

help @ threatint.eu