CVE-2025-70994
CVE-2025-70994
Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is vulnerable to signal forgery after a local attacker intercepts any legitimate key fob transmission, allowing for complete unauthorized vehicle operation via a replay attack.
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 1
githubgithub.com/ktauchathuranga/CVE-2025-70994★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →