CVE-2025-60251
BaseFortify
Publication date: 2025-09-26
Last updated on: 2025-09-26
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unitree | b2 | * |
| unitree | g1 | * |
| unitree | h1 | * |
| unitree | go2 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Unitree Go2, G1, H1, and B2 devices up to September 20, 2025, where these devices accept any handshake secret that contains the substring 'unitree'. This means the authentication process is weakened because the devices do not properly validate the handshake secret, potentially allowing unauthorized access.
How can this vulnerability impact me? :
The vulnerability can allow unauthorized users to gain access to affected Unitree devices by exploiting the weak handshake secret validation. This could lead to limited confidentiality, integrity, and availability impacts on the device and its data, as indicated by the CVSS score showing low to moderate impact on these security aspects.