CVE-2025-6029 CRITICAL

CVE-2025-6029: KIA-branded Aftermarket Generic Smart Keyless Entry System Replay Attack

Vendor Kia
Product Aftermarket Generic Smart Keyless Entry System
Weakness CWE-307 · Brute force
Published June 13, 2025
Last update June 13, 2025

CVSS base score

9.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N

What the vulnerability does

01 Description

The Key Fob Transmitter in the KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, uses fixed learning codes, one code to lock the car and another to unlock it, which allows a replay attack. The manufacturer is unknown at the time of release. The CVE Record will be updated once this is clarified.

Key dates

02 Disclosure timeline

June 13, 2025 CVE published
June 13, 2025 Record updated