CVE-2025-6030

Autoeastern Smart Keyless Entry System Replay Attack

CVSS 9.4 CRITICALEPSS 0.2%CWE-294 CWE-307

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

13 Jun 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto. Attack confirmed on other KIA Models in Ecuador.

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N

Affected products

Autoeastern · Cyclone Matrix TRF

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://asrg.io/security-advisories/cve-2025-6030-autoeastern-smart-keyless-entry-system-replay-attack/https://revers3everything.com/unlocking-thousands-of-cars-by-exploiting-learning-codes-from-key-fobs/