6.6
CVE-2025-2894
- EPSS 0.7%
- Veröffentlicht 28.03.2025 03:15:18
- Zuletzt bearbeitet 12.01.2026 16:10:59
- Quelle cve@takeonme.org
- CVE-Watchlists
- Unerledigt
Unitree Go1 Robot Dog Backdoor Control Channel
The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Unitree ≫ Go1 Firmware Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.7% | 0.485 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@takeonme.org | 6.6 | 0.7 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-912 Hidden Functionality
The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.
https://github.com/MAVProxyUser/YushuTechUnitreeGo1/blob/main/Unitree_report.pdf
https://github.com/unitreerobotics/unitree_ros/issues/120
https://takeonme.org/cves/cve-2025-2894/
https://x.com/d0tslash/status/1730989109332607208
https://www.axios.com/2025/04/01/threat-spotlight-backdoor-in-chinese-robots-future-of-cybersecurity