BLE Decryption Vulnerability in Unitree Robotics
CVE-2025-60250

4.7 MEDIUM

Key Information:

Vendor: Unitree

Status
Go2
G1
H1
B2
Vendor
CVE Published: 26 September 2025

What is CVE-2025-60250?

Certain Unitree robotics devices, including Go2, G1, H1, and B2, have a vulnerability that lets attackers decrypt sensitive BLE packet data. Decryption is possible through the use of a specific cryptographic key and initialization vector, which gives unauthorized access to the transmitted information. The flaw may expose critical communications and data exchanged between devices and should be remediated promptly.

Affected Version(s)

  • B2: 0 through 2025-09-20 (inclusive)

  • G1: 0 through 2025-09-20 (inclusive)

  • Go2: 0 through 2025-09-20 (inclusive)

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
