CVE-2025-45467
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-10-17
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unitree | go1_firmware | up to Go1_2022_05_11 (inclusive) |
| unitree | go1 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the Unitree Go1 robotic dog firmware versions up to Go1_2022_05_11. The firmware update process relies solely on an insecure MD5 checksum to verify firmware integrity, without using stronger cryptographic signatures or certificates. Because MD5 is weak and easily bypassed, an attacker can modify the firmware, recalculate the MD5 checksum, and upload malicious firmware remotely via Wi-Fi or Ethernet, bypassing authentication controls. [1]
How can this vulnerability impact me?
Exploitation of this vulnerability allows an attacker to remotely execute arbitrary code on the Unitree Go1 robot, escalate privileges, and disclose sensitive information. This means the attacker can fully compromise the device, potentially controlling it or accessing confidential data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, you can inspect the firmware update process on the Unitree Go1 robot by checking the /run.sh script within the firmware package to see if it relies solely on MD5 checksum verification without cryptographic signatures. Commands to assist detection include downloading and extracting the firmware package, then using commands like 'cat /run.sh' or 'grep md5 /run.sh' to confirm the use of MD5 checksum only. Additionally, monitoring network traffic for firmware uploads over Wi-Fi or Ethernet could help identify unauthorized firmware update attempts. [1]
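The run.sh inspection described above can be scripted. This is an added example, not code from the CVE record or from Unitree's firmware: it classifies an extracted update script as signature-checked, MD5-only, or unchecked. The signature-tool patterns and the sample scripts are assumptions constructed for illustration, not the real Go1 run.sh.

```shell
#!/bin/sh
# Added example (not vendor code): classify how an update script checks integrity.
# SIG_PATTERN is an assumption about what a signature-verifying script would call.
SIG_PATTERN='openssl[[:space:]]+dgst.*-verify|gpg[[:space:]].*--verify'
MD5_PATTERN='md5sum|openssl[[:space:]]+(dgst[[:space:]]+-)?md5'

# Drop comment-only lines so a commented-out check is not counted as a check.
active_lines() {
    grep -Ev '^[[:space:]]*#' "$1"
}

# Prints the verdict and returns: 0 signature, 1 md5-only, 2 none, 3 missing.
audit_update_script() {
    [ -f "$1" ] || { echo "missing"; return 3; }
    if active_lines "$1" | grep -Eq "$SIG_PATTERN"; then
        echo "signature"; return 0
    fi
    if active_lines "$1" | grep -Eq "$MD5_PATTERN"; then
        echo "md5-only"; return 1
    fi
    echo "none"; return 2
}

# Constructed sample scripts (not the real Go1 run.sh) for an offline run.
write_samples() {
    cat > "$1/md5_only.sh" <<'EOF'
#!/bin/sh
# openssl dgst -sha256 -verify pub.pem -signature fw.sig fw.bin
[ "$(md5sum fw.bin | cut -d' ' -f1)" = "$(cat fw.md5)" ] || exit 1
./install.sh fw.bin
EOF
    cat > "$1/signed.sh" <<'EOF'
#!/bin/sh
md5sum -c fw.md5 || exit 1
openssl dgst -sha256 -verify pub.pem -signature fw.sig fw.bin || exit 1
./install.sh fw.bin
EOF
    printf '#!/bin/sh\n./install.sh fw.bin\n' > "$1/unchecked.sh"
}

# Demo: audit a real extracted script given as $1, else the constructed samples.
if [ -n "${1:-}" ]; then
    audit_update_script "$1"
else
    tmp=$(mktemp -d) && write_samples "$tmp"
    for f in md5_only signed unchecked; do
        printf '%s: ' "$f"; audit_update_script "$tmp/$f.sh"
    done
    rm -rf "$tmp"
fi
```

Pass the path of the extracted run.sh as the only argument; a verdict of md5-only corresponds to the checksum-only update check described here.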
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the Unitree Go1 robot's firmware update interfaces (Wi-Fi and Ethernet) to trusted sources only, disabling remote firmware updates if possible, and monitoring for any unauthorized firmware upload attempts. Applying firmware updates from Unitree Robotics that address this vulnerability when available is also critical. Until a secure firmware version is released, avoid exposing the robot to untrusted networks. [1]