{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6029", "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "state": "PUBLISHED", "assignerShortName": "ASRG", "dateReserved": "2025-06-12T14:11:07.087Z", "datePublished": "2025-06-13T14:25:50.597Z", "dateUpdated": "2025-06-13T14:52:13.217Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Aftermarket Generic Smart Keyless Entry System", "vendor": "KIA", "versions": [{"status": "affected", "version": "KIA Ecuador Key Fobs version 2022/2023"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Danilo Erazo"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use of fixed learning codes, one code to lock the car and the other code to unlock it, the&nbsp;Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack.<br><br>Manufacture is unknown at the time of release.&nbsp; CVE Record will be updated once this is clarified.&nbsp;"}], "value": "Use of fixed learning codes, one code to lock the car and the other code to unlock it, the\u00a0Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack.\n\nManufacture is unknown at the time of release.\u00a0 CVE Record will be updated once this is clarified."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}, {"capecId": "CAPEC-112", "descriptions": [{"lang": "en", "value": "CAPEC-112 Brute Force"}]}, {"capecId": "CAPEC-117", "descriptions": [{"lang": "en", "value": "CAPEC-117 Interception"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 9.4, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-294", "description": "CWE-294 Authentication Bypass by Capture-replay", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "shortName": "ASRG", "dateUpdated": "2025-06-13T14:25:50.597Z"}, "references": [{"tags": ["related"], "url": "https://revers3everything.com/unlocking-thousands-of-cars-by-exploiting-learning-codes-from-key-fobs/"}, {"tags": ["third-party-advisory"], "url": "https://asrg.io/security-advisories/cve-2025-6029-kia-branded-aftermarket-generic-smart-keyless-entry-system-replay-attack/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<ul><li>Replace the current Keyless Entry System (KES) with one that utilizes rolling code&nbsp;technology.</li><li>Avoid using key fobs with fixed or learning-code systems.</li></ul>"}], "value": "* Replace the current Keyless Entry System (KES) with one that utilizes rolling code\u00a0technology.\n * Avoid using key fobs with fixed or learning-code systems."}], "source": {"discovery": "EXTERNAL"}, "title": "KIA-branded Aftermarket Generic Smart Keyless Entry System Replay Attack", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-13T14:52:08.865188Z", "id": "CVE-2025-6029", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-13T14:52:13.217Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6029", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-13T14:52:08.865188Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-13T14:52:10.592Z"}}], "cna": {"title": "KIA-branded Aftermarket Generic Smart Keyless Entry System Replay Attack", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Danilo Erazo"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}, {"capecId": "CAPEC-112", "descriptions": [{"lang": "en", "value": "CAPEC-112 Brute Force"}]}, {"capecId": "CAPEC-117", "descriptions": [{"lang": "en", "value": "CAPEC-117 Interception"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NO", "attackVector": "ADJACENT", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "KIA", "product": "Aftermarket Generic Smart Keyless Entry System", "versions": [{"status": "affected", "version": "KIA Ecuador Key Fobs version 2022/2023"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "* Replace the current Keyless Entry System (KES) with one that utilizes rolling code\u00a0technology.\n * Avoid using key fobs with fixed or learning-code systems.", "supportingMedia": [{"type": "text/html", "value": "<ul><li>Replace the current Keyless Entry System (KES) with one that utilizes rolling code&nbsp;technology.</li><li>Avoid using key fobs with fixed or learning-code systems.</li></ul>", "base64": false}]}], "references": [{"url": "https://revers3everything.com/unlocking-thousands-of-cars-by-exploiting-learning-codes-from-key-fobs/", "tags": ["related"]}, {"url": "https://asrg.io/security-advisories/cve-2025-6029-kia-branded-aftermarket-generic-smart-keyless-entry-system-replay-attack/", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Use of fixed learning codes, one code to lock the car and the other code to unlock it, the\u00a0Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack.\n\nManufacture is unknown at the time of release.\u00a0 CVE Record will be updated once this is clarified.", "supportingMedia": [{"type": "text/html", "value": "Use of fixed learning codes, one code to lock the car and the other code to unlock it, the&nbsp;Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack.<br><br>Manufacture is unknown at the time of release.&nbsp; CVE Record will be updated once this is clarified.&nbsp;", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-294", "description": "CWE-294 Authentication Bypass by Capture-replay"}]}], "providerMetadata": {"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "shortName": "ASRG", "dateUpdated": "2025-06-13T14:25:50.597Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6029", "state": "PUBLISHED", "dateUpdated": "2025-06-13T14:52:13.217Z", "dateReserved": "2025-06-12T14:11:07.087Z", "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "datePublished": "2025-06-13T14:25:50.597Z", "assignerShortName": "ASRG"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use of fixed learning codes, one code to lock the car and the other code to unlock it, the\u00a0Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack.\n\nManufacture is unknown at the time of release.\u00a0 CVE Record will be updated once this is clarified."}, {"lang": "es", "value": "Uso de c\u00f3digos de aprendizaje fijos, uno para bloquear el veh\u00edculo y otro para desbloquearlo, en el transmisor de llavero del sistema de entrada sin llave inteligente gen\u00e9rico de posventa de KIA, distribuido principalmente en Ecuador, lo que permite un ataque de repetici\u00f3n. Se desconoce el fabricante al momento de su publicaci\u00f3n. El registro CVE se actualizar\u00e1 una vez que se aclare esta cuesti\u00f3n."}], "id": "CVE-2025-6029", "lastModified": "2025-06-16T12:32:18.840", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cve@asrg.io", "type": "Secondary"}]}, "published": "2025-06-13T15:15:21.430", "references": [{"source": "cve@asrg.io", "url": "https://asrg.io/security-advisories/cve-2025-6029-kia-branded-aftermarket-generic-smart-keyless-entry-system-replay-attack/"}, {"source": "cve@asrg.io", "url": "https://revers3everything.com/unlocking-thousands-of-cars-by-exploiting-learning-codes-from-key-fobs/"}], "sourceIdentifier": "cve@asrg.io", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-294"}, {"lang": "en", "value": "CWE-307"}], "source": "cve@asrg.io", "type": "Secondary"}]}

{}