Imperfect Security in Indian Motorcycle Scout Bobber and Tech 2025 Model
CVE-2026-49325

4.1MEDIUM

Key Information:

Vendor: Indian Motorcycle (polaris Inc.)
Status: Scout Bobber + Tech
Vendor: CVE Published:; 29 May 2026

🔔 Create Indian Motorcycle (polaris Inc.) Vulnerability Alert

What is CVE-2026-49325?

A vulnerability in the bike-shutdown control system of the Indian Motorcycle Scout Bobber and Tech 2025 model allows an attacker to exploit the communication between the Wireless Control Module (WCM) and the Engine Control Unit (ECU). This flaw permits a physical attacker with access to the WCM wiring harness to bypass the anti-theft shutdown mechanism, rendering the motorcycle operable without the rider's PIN. The issue arises from the receiving ECU's inability to differentiate between a legitimate shutdown signal and an open-circuit condition, enabling unauthorized control over the motorcycle.

Affected Version(s)

Scout Bobber + Tech OEM Motorcycle 2025

References

https://cwe.mitre.org/data/definitions/1384.html

technical-description

CVSS V4

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

Credit

Scott Sheahan, Rustic Security LLC

CVE-2026-49325 Data

JSON