← voltar
CVE-2025-6030

Autoeastern Smart Keyless Entry System Replay Attack

CVSS 9.4 CRITICALEPSS 0.2%CWE-294CWE-307
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 jun 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto.  Attack confirmed on other KIA Models in Ecuador.
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N
Produtos afetados
Autoeastern · Cyclone Matrix TRF

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://asrg.io/security-advisories/cve-2025-6030-autoeastern-smart-keyless-entry-system-replay-attack/https://revers3everything.com/unlocking-thousands-of-cars-by-exploiting-learning-codes-from-key-fobs/