CVE-2025-6030 - Vulnerability Details - OpenCVE

Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto. Attack confirmed on other KIA Models in Ecuador.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://asrg.io/security-advisories/cve-2025-6030-autoeastern-smart-keyless-entry-system-replay-attack/
https://revers3everything.com/unlocking-thousands-of-cars-by-exploiting-learning-codes-from-key-fobs/

History

Fri, 13 Jun 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 13 Jun 2025 14:45:00 +0000

Type	Values Removed	Values Added
Description		Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto. Attack confirmed on other KIA Models in Ecuador.
Title		Autoeastern Smart Keyless Entry System Replay Attack
Weaknesses		CWE-294 CWE-307
References		https://asrg.io/security-advisories/cve-2025-6030-autoeastern-smart-keyless-entry-system-replay-attack/ https://revers3everything.com/unlocking-thousands-of-cars-by-exploiting-learning-codes-from-key-fobs/
Metrics		cvssV4_0 `{'score': 9.4, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N'}`

MITRE

Status: PUBLISHED

Assigner: ASRG

Published: 2025-06-13T14:38:58.103Z

Updated: 2025-06-13T14:51:37.000Z

Reserved: 2025-06-12T14:11:08.030Z

Link: CVE-2025-6030

Vulnrichment

Updated: 2025-06-13T14:51:34.278Z

NVD

Status : Awaiting Analysis

Published: 2025-06-13T15:15:21.600

Modified: 2025-06-16T12:32:18.840

Link: CVE-2025-6030

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6030", "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "state": "PUBLISHED", "assignerShortName": "ASRG", "dateReserved": "2025-06-12T14:11:08.030Z", "datePublished": "2025-06-13T14:38:58.103Z", "dateUpdated": "2025-06-13T14:51:37.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Cyclone Matrix TRF", "vendor": "Autoeastern", "versions": [{"changes": [{"at": "L-ALARMATRF-001", "status": "unaffected"}], "lessThanOrEqual": "2025", "status": "affected", "version": "2024", "versionType": "date"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Danilo Erazo"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack.<br><br>Research was completed on the 2024 KIA Soluto.  Attack confirmed on other KIA Models in Ecuador. "}], "value": "Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the\u00a0Key Fob Transmitter in Cyclone Matrix TRF\u00a0Smart Keyless Entry System, which allows a replay attack.\n\nResearch was completed on the 2024 KIA Soluto.\u00a0 Attack confirmed on other KIA Models in Ecuador."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}, {"capecId": "CAPEC-112", "descriptions": [{"lang": "en", "value": "CAPEC-112 Brute Force"}]}, {"capecId": "CAPEC-117", "descriptions": [{"lang": "en", "value": "CAPEC-117 Interception"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 9.4, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-294", "description": "CWE-294 Authentication Bypass by Capture-replay", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "shortName": "ASRG", "dateUpdated": "2025-06-13T14:38:58.103Z"}, "references": [{"tags": ["related"], "url": "https://revers3everything.com/unlocking-thousands-of-cars-by-exploiting-learning-codes-from-key-fobs/"}, {"tags": ["third-party-advisory"], "url": "https://asrg.io/security-advisories/cve-2025-6030-autoeastern-smart-keyless-entry-system-replay-attack/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<ul><li>Replace the current Keyless Entry System (KES) with one that utilizes rolling code technology (L-ALARMATRF-001)</li><li>Avoid using key fobs with fixed or learning code systems.</li></ul>"}], "value": "* Replace the current Keyless Entry System (KES) with one that utilizes rolling code technology (L-ALARMATRF-001)\n * Avoid using key fobs with fixed or learning code systems."}], "source": {"discovery": "EXTERNAL"}, "title": "Autoeastern Smart Keyless Entry System Replay Attack", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-13T14:51:32.465517Z", "id": "CVE-2025-6030", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-13T14:51:37.000Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6030", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-13T14:51:32.465517Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-13T14:51:34.278Z"}}], "cna": {"title": "Autoeastern Smart Keyless Entry System Replay Attack", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Danilo Erazo"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}, {"capecId": "CAPEC-112", "descriptions": [{"lang": "en", "value": "CAPEC-112 Brute Force"}]}, {"capecId": "CAPEC-117", "descriptions": [{"lang": "en", "value": "CAPEC-117 Interception"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NO", "attackVector": "ADJACENT", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Autoeastern", "product": "Cyclone Matrix TRF", "versions": [{"status": "affected", "changes": [{"at": "L-ALARMATRF-001", "status": "unaffected"}], "version": "2024", "versionType": "date", "lessThanOrEqual": "2025"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "* Replace the current Keyless Entry System (KES) with one that utilizes rolling code technology (L-ALARMATRF-001)\n * Avoid using key fobs with fixed or learning code systems.", "supportingMedia": [{"type": "text/html", "value": "<ul><li>Replace the current Keyless Entry System (KES) with one that utilizes rolling code technology (L-ALARMATRF-001)</li><li>Avoid using key fobs with fixed or learning code systems.</li></ul>", "base64": false}]}], "references": [{"url": "https://revers3everything.com/unlocking-thousands-of-cars-by-exploiting-learning-codes-from-key-fobs/", "tags": ["related"]}, {"url": "https://asrg.io/security-advisories/cve-2025-6030-autoeastern-smart-keyless-entry-system-replay-attack/", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the\u00a0Key Fob Transmitter in Cyclone Matrix TRF\u00a0Smart Keyless Entry System, which allows a replay attack.\n\nResearch was completed on the 2024 KIA Soluto.\u00a0 Attack confirmed on other KIA Models in Ecuador.", "supportingMedia": [{"type": "text/html", "value": "Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack.<br><br>Research was completed on the 2024 KIA Soluto.  Attack confirmed on other KIA Models in Ecuador. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-294", "description": "CWE-294 Authentication Bypass by Capture-replay"}]}], "providerMetadata": {"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "shortName": "ASRG", "dateUpdated": "2025-06-13T14:38:58.103Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6030", "state": "PUBLISHED", "dateUpdated": "2025-06-13T14:51:37.000Z", "dateReserved": "2025-06-12T14:11:08.030Z", "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "datePublished": "2025-06-13T14:38:58.103Z", "assignerShortName": "ASRG"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the\u00a0Key Fob Transmitter in Cyclone Matrix TRF\u00a0Smart Keyless Entry System, which allows a replay attack.\n\nResearch was completed on the 2024 KIA Soluto.\u00a0 Attack confirmed on other KIA Models in Ecuador."}, {"lang": "es", "value": "Uso de c\u00f3digos de aprendizaje fijos, uno para bloquear el veh\u00edculo y otro para desbloquearlo, en el transmisor de llavero del sistema de entrada sin llave inteligente Cyclone Matrix TRF, lo que permite un ataque repetido. Se realiz\u00f3 una investigaci\u00f3n en el KIA Soluto 2024. Se confirm\u00f3 el ataque en otros modelos de KIA en Ecuador."}], "id": "CVE-2025-6030", "lastModified": "2025-06-16T12:32:18.840", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cve@asrg.io", "type": "Secondary"}]}, "published": "2025-06-13T15:15:21.600", "references": [{"source": "cve@asrg.io", "url": "https://asrg.io/security-advisories/cve-2025-6030-autoeastern-smart-keyless-entry-system-replay-attack/"}, {"source": "cve@asrg.io", "url": "https://revers3everything.com/unlocking-thousands-of-cars-by-exploiting-learning-codes-from-key-fobs/"}], "sourceIdentifier": "cve@asrg.io", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-294"}, {"lang": "en", "value": "CWE-307"}], "source": "cve@asrg.io", "type": "Secondary"}]}