Replay Attack Vulnerability in KIA Smart Keyless Entry System
CVE-2025-6030

9.4CRITICAL

Key Information:

Vendor: Autoeastern
Status: Cyclone Matrix Trf
Vendor: CVE Published:; 13 June 2025

🔔 Create Autoeastern Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-6030?

The Cyclone Matrix TRF Smart Keyless Entry System employed by KIA utilizes fixed learning codes for locking and unlocking vehicles. This implementation is vulnerable to replay attacks, where an attacker can intercept and replay the signals sent by the key fob, enabling unauthorized access to the vehicle. Research has confirmed that this vulnerability is applicable not only to the 2024 KIA Soluto but also to various other KIA models. This flaw poses a significant risk to vehicle security, prompting a need for immediate attention and remediation.

Affected Version(s)

Cyclone Matrix TRF 2024 <= 2025

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-6030 - Proof of Concept

References

https://revers3everything.com/unlocking-thousands-of-cars...

https://asrg.io/security-advisories/cve-2025-6030-autoeas...

third-party-advisory

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 13, 2025
👾
Exploit known to exist
Jun 13, 2025
Vulnerability published
Jun 13, 2025
Vulnerability Reserved
Jun 12, 2025

Credit

Danilo Erazo