CVE-2025-2894

Published Mar 28, 2025

Last updated 2 days ago

CVSS medium 6.6

Overview

Description
The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.
Source
cve@takeonme.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.6
Impact score
5.9
Exploitability score
0.7
Vector string
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
MEDIUM

Weaknesses

cve@takeonme.org
CWE-912

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Cão-robô da Unitree vem com backdoor não documentado ATIVADO de fábrica, sem o consentimento dos clientes! (CVE-2025-2894) https://t.co/zDI5vQe8qn

    @finewrist

    5 Apr 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References