Command Injection Vulnerability in Unitree Robotic Products
CVE-2025-35027

7.3 HIGH

Key Information:

Vendor: Unitree

Status
Vendor
CVE Published: 26 September 2025

Badges

📈 Score: 182 | 👾 Exploit Exists | 🟡 Public PoC

What is CVE-2025-35027?

CVE-2025-35027 is a significant command injection vulnerability identified in several robotic products developed by Unitree, specifically affecting the firmware shared among models such as the Go2, G1, H1, and B2. This vulnerability allows attackers to exploit the configuration process of the on-board WiFi via a Bluetooth Low Energy (BLE) module. By injecting a malicious string during this setup and subsequently restarting the WiFi service, an attacker could execute commands with root privileges through the wpa_supplicant_restart.sh shell script. The underlying codebase for the firmware, based on MIT Cheetah, is common across the impacted models, raising concerns about the security posture of Unitree's entire product line. Should this vulnerability be exploited, it could lead to unauthorized access and control over robotic systems, which can be particularly damaging in environments relying on these robots for operational tasks.
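A defensive sketch of the input handling this class of bug calls for, added here as an example and not taken from Unitree's firmware or from the researchers' PoC. The page does not show the contents of wpa_supplicant_restart.sh, so the example assumes only that provisioning code receives an SSID and a passphrase as strings and must produce a wpa_supplicant network block; the function names and sample values are constructed.

```shell
#!/bin/sh
# Added example: validate WiFi credentials received from an untrusted
# channel (such as BLE provisioning) and render a wpa_supplicant network
# block without the values ever being evaluated by a shell.
# All function names and sample inputs are constructed for illustration.

byte_len() { printf %s "$1" | wc -c | tr -d ' '; }

# SSID: 1..32 bytes (IEEE 802.11 limit). Content is otherwise unrestricted
# because it is hex-encoded below, never quoted or interpolated.
valid_ssid() {
    n=$(byte_len "$1")
    [ "$n" -ge 1 ] && [ "$n" -le 32 ]
}

# WPA passphrase: 8..63 printable ASCII characters on a single line.
valid_psk() {
    n=$(byte_len "$1")
    [ "$n" -ge 8 ] && [ "$n" -le 63 ] || return 1
    # Count bytes outside the printable range (space through tilde).
    bad=$(printf %s "$1" | LC_ALL=C tr -d ' -~' | wc -c | tr -d ' ')
    [ "$bad" -eq 0 ]
}

# Hex-encode a string; wpa_supplicant.conf accepts an unquoted hex ssid.
to_hex() { printf %s "$1" | od -An -v -tx1 | tr -d ' \n'; }

# Print a network block, or print nothing and return 1 on invalid input.
# Values are passed to printf as data arguments, never as the format
# string and never through eval, backticks or an unquoted expansion.
render_network() {
    valid_ssid "$1" && valid_psk "$2" || return 1
    printf 'network={\n\tssid=%s\n\tpsk="%s"\n}\n' "$(to_hex "$1")" "$2"
}

# Constructed sample: shell metacharacters in the SSID end up as inert hex.
render_network 'Lab AP; $(id)' 'correct horse battery'
```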

Potential impact of CVE-2025-35027

  1. Unauthorized System Control: The command injection vulnerability could allow a malicious actor to gain root access to affected robotic products. This level of access enables attackers to execute arbitrary commands, which could lead to the manipulation or compromise of the robot's functionalities.

  2. Operational Disruption: Exploiting this vulnerability may result in significant disruptions to the operations relying on Unitree’s robotic systems. If attackers take control of the robots, they could interfere with their intended tasks, potentially causing safety hazards or operational failures in critical applications.

  3. Data Breach and Loss: With the ability to execute commands as root, attackers could extract sensitive information from the robotic systems or the networks they connect to. This could lead to data breaches involving proprietary information, user data, or operational secrets, compromising organizational integrity and trust.

Affected Version(s)

G1: from 0 up to and including 1.4.4

Go2: from 0 up to and including 1.1.8

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andreas Makris
Kevin Finisterre
Konstantin Severov
todb