CVE-2025-6029

Summary

Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack.

Manufacture is unknown at the time of release.  CVE Record will be updated once this is clarified.

Affected Software

VendorProductVersion RangeStatus
KIAAftermarket Generic Smart Keyless Entry SystemKIA Ecuador Key Fobs version 2022/2023affected

Weaknesses

  • CWE-307: CWE-307 Improper Restriction of Excessive Authentication Attempts
  • CWE-294: CWE-294 Authentication Bypass by Capture-replay

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References