CVE-2025-7020
BaseFortify
Publication date: 2025-08-09
Last updated on: 2025-08-11
Assigner: Automotive Security Research Group (ASRG)
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| byd | dilink | 13.1.32.2307211.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-656 | The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in BYD's DiLink 3.0 OS system log dump feature, where an incorrect encryption implementation allows an attacker with physical access to the vehicle to bypass encryption on log dumps stored in the In-Vehicle Infotainment (IVI) unit. The attacker can then access sensitive system logs containing personally identifiable information (PII) and location data. The flaw stems from a hard-coded cryptographic key and weak encryption introduced in a patch meant to fix a previous vulnerability (CVE-2024-54728). Exploitation requires physical access, use of debugging tools, and extracting encryption keys to decrypt the logs. [1]
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to sensitive personal data and location information stored in the vehicle's system logs. This can result in privacy violations, potential vehicle tracking, and exposure of personally identifiable information (PII). An attacker with physical access could exploit this to compromise user privacy and security. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability requires physical access to the vehicle and the multimedia unit's debug port. Detection involves locating the encrypted log dump files on the In-Vehicle Infotainment (IVI) unit's storage. Tools such as ADB (Android Debug Bridge), APKtool, and JADX can be used to extract the Initialization Vector (IV) for the AES encryption and download the logs to verify whether the encryption can be bypassed. Specific commands would include using ADB to connect to the device and pull the log dump files for analysis. However, exact commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting physical access to the vehicle and its multimedia unit to prevent attackers from exploiting the vulnerability. It is recommended that BYD revises the encryption approach for system log dumps by implementing an asymmetric encryption algorithm with proper key management and secure practices. Until a secure patch is released and applied, limiting physical access and monitoring for unauthorized access to the debug port are the best immediate actions. [1]
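The recommended design, sketched as an added example (not BYD's code and not taken from the advisory): the unit encrypts each dump under a fresh AES-256-GCM key and wraps that key with a vendor public key, so nothing stored on the device can decrypt the logs. The RSA-OAEP/AES-GCM pairing, all function names and the sample log line are assumptions made for illustration.

```javascript
// Added example: envelope encryption for a log dump. All names are hypothetical.
const crypto = require('node:crypto');

// Constructed key pair for the demo. Assumption: in a real deployment the private
// key is generated and kept off the vehicle; only the public key ships in the image.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Device side: needs only the public key, so nothing recoverable from the
// firmware or an APK is sufficient to decrypt a dump.
function sealLogDump(plaintext, vendorPublicKey) {
  const dek = crypto.randomBytes(32); // fresh data key per dump
  const iv = crypto.randomBytes(12);  // fresh 96-bit GCM nonce per dump
  const cipher = crypto.createCipheriv('aes-256-gcm', dek, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(
    { key: vendorPublicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    dek);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Vendor side: unwrap the data key with the private key, then verify and decrypt.
function openLogDump(sealed, vendorPrivateKey) {
  const dek = crypto.privateDecrypt(
    { key: vendorPrivateKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    sealed.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dek, sealed.iv);
  decipher.setAuthTag(sealed.tag);
  return Buffer.concat([decipher.update(sealed.ciphertext), decipher.final()]);
}

// Constructed sample log line (not real vehicle data).
const SAMPLE_LOG = Buffer.from('2025-01-01T00:00:00Z nav: lat=0.0000 lon=0.0000 user=example\n');

function demo() {
  const sealed = sealLogDump(SAMPLE_LOG, publicKey);
  const roundTrip = openLogDump(sealed, privateKey).equals(SAMPLE_LOG);
  // A modified dump must be rejected by the GCM tag check, not silently decrypted.
  const tampered = { ...sealed, ciphertext: Buffer.from(sealed.ciphertext) };
  tampered.ciphertext[0] ^= 0x01;
  let tamperRejected = false;
  try { openLogDump(tampered, privateKey); } catch { tamperRejected = true; }
  return { roundTrip, tamperRejected, wrappedKeyBytes: sealed.wrappedKey.length };
}
```

Unlike a hard-coded symmetric key, the public key embedded in the unit can be extracted without weakening the scheme, because decryption requires the private key held elsewhere.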