CVE-2025-70994

Published: Apr 23, 2026 Last Modified: Apr 24, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,3

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: adjacent_network

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: none

Integrity: high

Availability: high

Description

AI Translation Available

Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is vulnerable to signal forgery after a local attacker intercepts any legitimate key fob transmission, allowing for complete unauthorized vehicle operation via a replay attack.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0003

Percentile

0,1th

Updated

EPSS Score Trend (Last 4 Days)

1390

Weak Authentication

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability Access Control

Potential Impacts:

Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: ICS/OT, Not Technology-Specific

View CWE Details

https://github.com/ktauchathuranga/CVE-2025-70994

https://github.com/ktauchathuranga/ghost-keys

CVE-2025-70994

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 4 Days)

Weak Authentication

Common Consequences

Applicable Platforms

Iscriviti alla newsletter