CVE-2025-6030

Summary

Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack.

Research was completed on the 2024 KIA Soluto.  Attack confirmed on other KIA Models in Ecuador.

Affected Software

VendorProductVersion RangeStatus
AutoeasternCyclone Matrix TRF2024 <= 2025affected

Weaknesses

  • CWE-307: CWE-307 Improper Restriction of Excessive Authentication Attempts
  • CWE-294: CWE-294 Authentication Bypass by Capture-replay

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References