Skip to main content

EUVDEUVD-2025-209567

| CVE-2025-70994 HIGH
Weak Authentication (CWE-1390)
2026-04-23 mitre GHSA-4cpv-8qgx-f9fv
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

3
CVSS changed
Apr 23, 2026 - 18:42 NVD
7.3 (None) 7.3 (HIGH)
EUVD ID Assigned
Apr 23, 2026 - 15:00 euvd
EUVD-2025-209567
CVE Published
Apr 23, 2026 - 00:00 nvd
HIGH 7.3

DescriptionCVE.org

Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is vulnerable to signal forgery after a local attacker intercepts any legitimate key fob transmission, allowing for complete unauthorized vehicle operation via a replay attack.

Analysis

Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is vulnerable to signal forgery after a local attacker intercepts any legitimate key fob transmission, allowing for complete unauthorized vehicle operation via a replay attack.

Share

EUVD-2025-209567 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy