Authentication Bypass in Unitree Robotics Products
CVE-2025-60251

5MEDIUM

Key Information:

Vendor: Unitree
Status: Go2; G1; H1; B2
Vendor: CVE Published:; 26 September 2025

What is CVE-2025-60251?

The vulnerability found in Unitree Robotics devices allows an attacker to bypass intended authentication mechanisms by accepting any handshake secret that contains the 'unitree' substring. This exploit can compromise device integrity and expose users to unauthorized control and potential threats, making it critical for users to take immediate action to secure their systems.

Affected Version(s)

B2 0 <= 2025-09-20

G1 0 <= 2025-09-20

Go2 0 <= 2025-09-20

References

https://spectrum.ieee.org/unitree-robot-exploit

https://github.com/Bin4ry/UniPwn

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 26, 2025
Vulnerability Reserved
Sep 26, 2025

JSON