CVE-2025-6029
Status: Awaiting Analysis (Queue)
BaseFortify

Publication date: 2025-06-13

Last updated on: 2025-06-16

Assigner: Automotive Security Research Group (ASRG)

Description
Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter of a KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack. Manufacturer is unknown at the time of release. CVE Record will be updated once this is clarified.
Meta Information
Published: 2025-06-13
Last Modified: 2025-06-16
Generated: 2026-05-07
AI Q&A: 2025-06-13
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products
Currently, no data is known.
CWE ID and Description
CWE-294: A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
CWE-307: The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects KIA-branded aftermarket generic smart keyless entry systems used in Ecuadorian KIA vehicles from 2022 to 2025. The key fobs use fixed learning codes instead of secure rolling codes. Fixed codes remain constant and can be captured by an attacker using radio frequency equipment, allowing them to replay the signal to unlock the vehicle. The limited code space and support for multiple learning codes increase the risk of brute force and backdoor attacks, where unauthorized codes can be programmed into the vehicle without the owner's knowledge. Additionally, the same fixed codes are used by multiple devices, increasing the chance of unintended access to unrelated vehicles or devices. [1]


How can this vulnerability impact me?

This vulnerability can lead to unauthorized access and theft of affected vehicles because attackers can capture and replay the fixed key fob codes to unlock the car. The risk is heightened by the possibility of brute force attacks on multiple learning codes and backdoor programming of unauthorized codes. Vehicles with this vulnerability are at significant risk of being unlocked and potentially stolen without the owner's knowledge. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by capturing and analyzing the radio frequency signals emitted by the key fob, specifically on frequencies 315, 370, or 433 MHz. Using software-defined radio (SDR) tools such as HackRF combined with GNURadio, you can capture the fixed learning codes transmitted by the key fob. The researcher Danilo Erazo developed a Python tool called AutoRFKiller that can be used to detect and exploit these fixed and learning codes. Commands would involve using GNURadio flowgraphs or AutoRFKiller scripts to scan and record signals on the specified frequencies to identify fixed code transmissions vulnerable to replay attacks. [1]


What immediate steps should I take to mitigate this vulnerability?

The recommended immediate mitigation is to replace the vulnerable learning code key fobs with key fobs that use rolling code technology, which prevents replay and cloning attacks. Since the affected key fobs use fixed codes that can be replayed or brute forced, switching to rolling code key fobs is the industry standard and the most effective way to secure the vehicle. Additionally, be cautious of unauthorized programming of new learning codes into the vehicle receiver, and monitor for suspicious access attempts. [1]

