BLE Decryption Vulnerability in Unitree Robotics
CVE-2025-60250

4.7MEDIUM

Key Information:

Vendor: Unitree
Status: Go2; G1; H1; B2
Vendor: CVE Published:; 26 September 2025

What is CVE-2025-60250?

Certain Unitree robotics devices, including Go2, G1, H1, and B2, have a vulnerability that enables attackers to decrypt sensitive BLE packet data. This occurs through the use of a specific cryptographic key and initialization vector, allowing unauthorized access to the transmitted information. This security flaw poses a risk as it may expose critical communications and data exchanged between devices, highlighting the need for prompt remediation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

B2 0 <= 2025-09-20

G1 0 <= 2025-09-20

Go2 0 <= 2025-09-20

References

https://spectrum.ieee.org/unitree-robot-exploit

https://github.com/Bin4ry/UniPwn

https://news.ycombinator.com/item?id=45381590

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 26, 2025
Vulnerability Reserved
Sep 26, 2025

JSON

Unitree

What is CVE-2025-60250?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.