CVE-2025-6030
BaseFortify
Publication date: 2025-06-13
Last updated on: 2025-06-16
Assigner: Automotive Security Research Group (ASRG)
Description
Exploitability
| CWE ID | Name | Description |
|---|---|---|
| CWE-294 | Authentication Bypass by Capture-replay | A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). |
| CWE-307 | Improper Restriction of Excessive Authentication Attempts | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6030 is a critical security vulnerability in the Autoeastern Smart Keyless Entry System fitted to certain KIA vehicles. The key fobs use fixed learning codes rather than rolling codes: the code transmitted to unlock the vehicle is the same on every press, so an attacker who records it over the air can retransmit it later and unlock the vehicle exactly as the original press did (a capture-replay attack, CWE-294). Two further weaknesses follow from the same design. The code space is small and the receiver does not limit failed attempts, so the unlock code can be brute-forced and a fob cloned (CWE-307). And because the receiver can learn and store multiple fixed codes, an additional code can be programmed into it without the owner's knowledge, potentially during production, giving whoever holds that code permanent access. The vulnerability is reported in multiple KIA models in Ecuador and likely other Latin American countries; the recommended mitigation is to replace the learning code key fobs with rolling code technology. [1, 2]
How can this vulnerability impact me?
An attacker within radio range can capture the fixed code your key fob transmits and replay it to unlock your vehicle, clone your fob from that capture, brute-force the code because the code space is small and attempts are not limited, or use the receiver's learning mode to program a code of their own into it. Any of these puts the vehicle at risk of theft or unauthorized use. The vulnerability affects multiple KIA models and possibly other vehicles fitted with the same key fobs, so owners in the affected regions, Ecuador and potentially other Latin American countries, are exposed. Because no remediation has been issued, the risk remains until the vulnerable fobs are replaced with a rolling code system. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This is not a weakness you can detect on a network: the key fob transmits over the air, so the only way to confirm it is to capture and analyze the radio frequency (RF) signal of the fob itself, which operates at 315, 370 or 433 MHz. Using software-defined radio (SDR) hardware such as a HackRF with tools such as GNU Radio or the AutoRFKiller Python tool developed by Danilo Erazo, record several presses of the fob and compare the decoded payloads. If every press carries the identical code, the fob uses a fixed learning code and is vulnerable; a rolling code fob sends a different value on each press. Retransmitting one recorded press and observing whether the vehicle unlocks confirms the replay attack, and repeated guesses going unthrottled confirm the missing attempt limiting. The exact commands depend on your SDR, sample rate and tool versions, so follow the GNU Radio and AutoRFKiller documentation for capture and replay rather than a fixed recipe. Only run these tests against a vehicle you own or are explicitly authorized to test, and be aware that transmitting on these bands may be regulated in your jurisdiction. [1, 2]
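The simulation below is an added example for this page, not code from BaseFortify, ASRG, Autoeastern or the AutoRFKiller tool. It models the two receiver designs the answers above contrast: a learning-code receiver that accepts any transmission matching a stored fixed code, and a rolling-code receiver that accepts a press only once. It then runs the same attacks against both (replay of a sniffed press, a forged message, and a sweep of the fixed-code space) and includes the check a tester would run over SDR captures before attempting a replay: whether several presses of one fob produce identical payloads. The 16-bit code width, the truncated-HMAC rolling-code construction, the resync window and every captured value are constructed assumptions for illustration, not measurements of a real fob or receiver.

```python
"""Simulated keyless-entry receivers illustrating CVE-2025-6030.

Added example for this page, not code from BaseFortify, ASRG, Autoeastern or
AutoRFKiller. The 16-bit code width, HMAC-based rolling-code construction,
resync window and all captured values are constructed assumptions.
"""
import hashlib
import hmac


class FixedCodeReceiver:
    """Learning-code receiver (the vulnerable design, CWE-294): unlocks for
    any transmission matching a stored code, so a recorded press replays."""
    def __init__(self):
        self.learned = set()

    def learn(self, code):
        # Learning mode registers a code; whoever can trigger it (dealer,
        # production line) can add a backdoor code the owner never sees.
        self.learned.add(code)

    def accept(self, code):
        # No lockout or rate limit (CWE-307): guesses are free.
        return code in self.learned


def _tag(key, counter):
    # Constructed rolling-code primitive: 32-bit truncated HMAC-SHA256 over the
    # counter. Real fobs use proprietary schemes; what matters here is that
    # the transmitted value changes on every press.
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]


class RollingCodeFob:
    """Fob half of the rolling-code design: a fresh counter on every press."""
    def __init__(self, key):
        self.key, self.counter = key, 0

    def press(self):
        self.counter += 1
        return (self.counter, _tag(self.key, self.counter))


class RollingCodeReceiver:
    """Accepts a press only if the tag verifies and the counter is ahead of the
    last accepted one within a resync window, so a replayed capture fails."""
    def __init__(self, key, window=16):
        self.key, self.window, self.last_counter = key, window, 0

    def accept(self, msg):
        counter, tag = msg
        if not hmac.compare_digest(tag, _tag(self.key, counter)):
            return False
        if not self.last_counter < counter <= self.last_counter + self.window:
            return False
        self.last_counter = counter
        return True


def brute_force(receiver, code_bits):
    """Sweep the fixed-code space; returns (code, attempts) or (None, attempts)."""
    for candidate in range(1 << code_bits):
        if receiver.accept(candidate):
            return candidate, candidate + 1
    return None, 1 << code_bits


def classify_captures(payloads):
    """Classify several sniffed presses of one fob: identical payloads every time
    mean a fixed learning code; a fresh payload each press means rolling code.
    Run this on SDR captures before attempting any replay."""
    if len(payloads) < 2:
        return "insufficient"
    distinct = len(set(payloads))
    if distinct == 1:
        return "fixed"
    return "rolling" if distinct == len(payloads) else "mixed"


def demo():
    """Run both designs through replay, forgery and brute force; return outcomes."""
    fixed_rx = FixedCodeReceiver()
    fixed_rx.learn(0xBEEF)                        # constructed 16-bit code
    fixed_presses = [0xBEEF] * 3                  # three sniffed presses
    key = b"constructed-demo-key"
    fob, rolling_rx = RollingCodeFob(key), RollingCodeReceiver(key)
    rolling_presses = [fob.press() for _ in range(3)]
    for msg in rolling_presses:                   # owner uses the fob normally
        rolling_rx.accept(msg)
    return {
        "fixed_classification": classify_captures(fixed_presses),
        "rolling_classification": classify_captures(rolling_presses),
        "fixed_replay_unlocks": fixed_rx.accept(fixed_presses[0]),
        "rolling_replay_unlocks": rolling_rx.accept(rolling_presses[0]),
        "fixed_brute_force": brute_force(fixed_rx, 16),
        "rolling_forged_unlocks": rolling_rx.accept((99, b"\x00" * 4)),
    }
```

Calling `demo()` shows the fixed-code receiver unlocking for a replayed press and falling to a brute-force sweep after 0xBEEF + 1 attempts, while the rolling-code receiver rejects both the replayed press (its counter is behind the last accepted one) and a message with a forged tag. The `classify_captures` check is the part worth keeping for real testing: three or more presses decoded from an SDR capture that are byte-for-byte identical are the signature of a fixed learning code.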
What immediate steps should I take to mitigate this vulnerability?
The only effective mitigation is to replace the learning code key fobs with fobs that use rolling code technology, which changes the transmitted code on every press so that a recorded transmission cannot be replayed and the fob cannot be cloned from a capture. Since the manufacturers have not issued a remediation, do not rely on vulnerable learning code fobs and insist on a rolling code system whenever a fob is replaced or added. Be cautious of dealerships installing learning code key fobs, and consult an automotive security specialist or the Automotive Security Research Group (ASRG) for guidance. [1, 2]