EUVD-2025-18276

CVE-2025-6029 CRITICAL
Authentication Bypass by Capture-replay (CWE-294)
2025-06-13 [email protected]
CVSS 4.0: 9.4

CVSS Vector (NVD)

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 21:34 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 21:34 (euvd), EUVD-2025-18276
CVE Published: Jun 13, 2025 - 15:15 (nvd), CRITICAL 9.4

Description (NVD)

Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack.

Manufacturer is unknown at the time of release. CVE Record will be updated once this is clarified.

Analysis (AI)

Critical vulnerability in aftermarket KIA-branded smart keyless entry systems (primarily distributed in Ecuador) that use fixed, reusable learning codes for lock/unlock operations, enabling replay attacks to gain unauthorized vehicle access. The vulnerability affects an unknown manufacturer's generic smart key fob transmitter and has a CVSS score of 9.4 with critical impact across confidentiality, integrity, and availability. While KEV status and active exploitation data are not yet confirmed, the trivial nature of replay attacks against static codes and the high CVSS vector suggest significant real-world risk requiring immediate user awareness and manufacturer patching.

Technical Context (AI)

This vulnerability stems from a fundamental cryptographic implementation failure in wireless key fob authentication protocols. The weakness is classified as CWE-294 (Authentication Bypass by Capture-replay): the affected systems rely on fixed, hardcoded learning codes that remain constant across power cycles and sessions. The key fob transmitter uses these static codes to communicate lock/unlock commands to the vehicle receiver without implementing replay attack protections such as rolling codes, time-based tokens, nonces, or message authentication codes (MACs).

The attack vector is Adjacent (AV:A), indicating an attacker must be within wireless range (typically RF range of 30-100 meters for 433MHz or 315MHz automotive remotes). The Low Complexity (AC:L) reflects that no special conditions are required: an attacker can passively capture transmissions and retransmit them without modification. CPE data for this vulnerability is limited due to the unknown manufacturer status, but affected products are generic aftermarket smart keyless entry systems branded for KIA vehicles and distributed primarily through regional supply chains in Ecuador.
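The receiver-side difference between a fixed code and a counter-plus-MAC scheme, shown as an added example that is not code from the affected product or from this advisory. The frame layout, key, static code bytes, window size and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed per-fob secret, shared at pairing
WINDOW = 16                     # assumed look-ahead for button presses out of range
FIXED_CODES = {b"\xA5\x01": "lock", b"\x5A\x02": "unlock"}  # constructed static codes

class FixedCodeReceiver:
    """Behaviour the advisory describes: the same bytes always authenticate."""
    def accept(self, frame: bytes):
        return FIXED_CODES.get(frame)

def fob_frame(counter: int, cmd: int, key: bytes = KEY) -> bytes:
    """Fob side: counter (4 bytes) + command (1 byte) + truncated HMAC-SHA256 tag."""
    body = struct.pack(">IB", counter, cmd)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

class CounterMacReceiver:
    """Receiver that accepts each authenticated counter value at most once."""
    COMMANDS = {1: "lock", 2: "unlock"}

    def __init__(self, key: bytes = KEY):
        self.key, self.last = key, 0

    def accept(self, frame: bytes):
        if len(frame) != 13:
            return None
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return None                  # forged or corrupted frame
        counter, cmd = struct.unpack(">IB", body)
        if not (self.last < counter <= self.last + WINDOW):
            return None                  # replayed (stale) or too far ahead
        if cmd not in self.COMMANDS:
            return None
        self.last = counter              # commit only after every check passes
        return self.COMMANDS[cmd]

def demo():
    """Feed each receiver one frame twice, as a retransmitted capture would arrive."""
    fixed, hardened = FixedCodeReceiver(), CounterMacReceiver()
    static_frame, mac_frame = b"\x5A\x02", fob_frame(1, 2)
    return {
        "fixed_first": fixed.accept(static_frame),
        "fixed_replay": fixed.accept(static_frame),
        "mac_first": hardened.accept(mac_frame),
        "mac_replay": hardened.accept(mac_frame),
        "mac_next": hardened.accept(fob_frame(2, 1)),
    }
```

In a real receiver the last accepted counter has to be kept in non-volatile storage, otherwise a power cycle resets it and old frames become valid again.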

Remediation (AI)

Immediate Actions:

(1) Awareness: End users should contact the aftermarket system installer/vendor to determine manufacturer identity and available firmware or hardware updates.
(2) Temporary Mitigations: Use physical steering wheel locks, park in garages, disable wireless entry and revert to mechanical keys where possible, or consider removal of the vulnerable aftermarket system pending manufacturer patch.
(3) Long-term Fix: Await manufacturer release of patched firmware implementing rolling codes, cryptographic nonces, or HMAC-based authentication.
(4) Vendor Coordination: Monitor KIA's official security advisories and the CVE details page (expected update once manufacturer is identified) for official patches and replacement hardware.
(5) Supply Chain Review: Vendors and integrators should audit other deployed units of the same aftermarket system and halt sales until patches are available.

Patch availability and specific version numbers are not yet disclosed due to unknown manufacturer status.
