CVE-2025-56448 – The Positron PX360BT car alarm system is vulner... (How to Fix)

Q: What is the severity of CVE-2025-56448?

CVE-2025-56448 has a CVSS score of 6.8 (MEDIUM). The Positron PX360BT car alarm system is vulnerable to replay attacks due to improper rolling code implementation, allowing attackers to reuse captured transmissions to disarm vehicles. This affects all users of the PX360BT SW REV 8 system, potentially enabling vehicle theft despite anti-cloning claims.

📋 TL;DR

The Positron PX360BT car alarm system is vulnerable to replay attacks due to improper rolling code implementation, allowing attackers to reuse captured transmissions to disarm vehicles. This affects all users of the PX360BT SW REV 8 system, potentially enabling vehicle theft despite anti-cloning claims.

💻 Affected Systems

Products:

Positron PX360BT car alarm system

Versions: SW REV 8

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All systems running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

Px360bt Firmware by Positron

View all CVEs affecting Px360bt Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Vehicle theft by capturing and replaying disarm signals, leading to complete loss of vehicle and property.

🟠

Likely Case

Unauthorized vehicle access and theft using inexpensive radio equipment to capture and replay signals.

🟢

If Mitigated

Limited risk if physical security measures prevent signal capture or if alternative anti-theft systems are in place.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires physical proximity to capture signals but doesn't require authentication to the alarm system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://positron.com.br/blog/positron-lanca-alarme-px360bt-starter/

Restart Required: No

Instructions:

Contact Positron support for firmware update availability and installation instructions.

🔧 Temporary Workarounds

Physical signal shielding

all

Use Faraday pouches or shielded containers for key fobs when not in use to prevent signal capture.

Supplemental security measures

all

Install additional physical anti-theft devices (steering wheel locks, kill switches) as defense-in-depth.

🧯 If You Can't Patch

Consider replacing the alarm system with a model that implements proper rolling code security
Implement strict physical security controls and monitoring for vehicles using this system

🔍 How to Verify

Check if Vulnerable:

Check firmware version in alarm system settings or consult manufacturer documentation for SW REV 8 identification.

Check Version:

Not applicable - check through alarm system interface or manufacturer documentation

Verify Fix Applied:

Verify firmware has been updated to a version beyond SW REV 8 through system settings or manufacturer confirmation.

📡 Detection & Monitoring

Log Indicators:

Repeated disarm signals from same code sequence
Unusual disarm patterns

Network Indicators:

RF signal capture devices detected near vehicles
Repeated identical RF transmissions

SIEM Query:

Not applicable - primarily physical/radio frequency attack vector

📊 Metadata

CVE ID: CVE-2025-56448

CVSS v3 Score: 6.8 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-294

EPSS Score: 0.03% exploit probability (8.2th percentile)

Published: September 15, 2025

Last Updated: October 14, 2025

🔗 References

https://medium.com/@wagneralves_87750/cve-2025-56448-replay-attack-vulnerability-in-positron-px360bt-car-alarm-system-c9f1ccea6ebe Exploit,Third Party Advisory
https://positron.com.br/blog/positron-lanca-alarme-px360bt-starter/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-56448, you might also want to check these: