
CVE-2025-6030: Autoeastern Smart Keyless Entry System Replay Attack

9.4 CVSS

Description

The Key Fob Transmitter in the Cyclone Matrix TRF Smart Keyless Entry System uses fixed learning codes, one code to lock the car and another to unlock it, which allows a replay attack.

Research was completed on the 2024 KIA Soluto. The attack was confirmed on other KIA models in Ecuador.

Classification

CVE ID: CVE-2025-6030

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.4

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N

Problem Types

CWE-307 Improper Restriction of Excessive Authentication Attempts

CWE-294 Authentication Bypass by Capture-replay

Affected Products

Vendor: Autoeastern

Product: Cyclone Matrix TRF

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.64% (proportion of vulnerabilities scored less than or equal to this one)

EPSS Date: 2025-06-30 (when this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-6030
https://revers3everything.com/unlocking-thousands-of-cars-by-exploiting-learning-codes-from-key-fobs/
https://asrg.io/security-advisories/cve-2025-6030-autoeastern-smart-keyless-entry-system-replay-attack/

Timeline