CVE-2025-60251
📋 TL;DR
This vulnerability allows authentication bypass on Unitree Go2, G1, H1, and B2 robots by accepting any handshake secret containing the substring 'unitree'. This affects all users of these robot models with firmware through September 20, 2025.
💻 Affected Systems
- Unitree Go2
- Unitree G1
- Unitree H1
- Unitree B2
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could gain unauthorized control of the robot, potentially causing physical harm, property damage, or data exfiltration from connected systems.
Likely Case
Unauthorized access to robot functions, manipulation of movement/operations, or disabling of safety features without proper authentication.
If Mitigated
Limited impact if robots operate in isolated networks with strict access controls and physical security measures.
🎯 Exploit Status
The UniPwn tool demonstrates exploitation requiring only network access to the robot's authentication endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware after 2025-09-20
Vendor Advisory: Not publicly available
Restart Required: Yes
Instructions:
1. Contact Unitree support for updated firmware.
2. Apply firmware update via official update mechanism.
3. Verify authentication now requires proper secret validation.
🔧 Temporary Workarounds
Network segmentation
Isolate robots on separate VLANs with strict firewall rules to limit access.
Disable remote authentication
Disable network authentication features if not required for operation.
🧯 If You Can't Patch
- Physically disconnect robots from networks when not in active use
- Implement strict physical access controls to prevent unauthorized network connections
🔍 How to Verify
Check if Vulnerable:
Attempt authentication against the robot's authentication endpoint with any secret containing the substring 'unitree'.
Check Version:
Check firmware version via robot's admin interface or Unitree control software.
Verify Fix Applied:
Verify that authentication now fails with invalid secrets and requires proper validation.
📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts with 'unitree' in secret
- Successful authentications from unexpected IPs
Network Indicators:
- Authentication requests to robot endpoints from unauthorized sources
- Unusual command traffic following authentication
SIEM Query:
source_ip OUTSIDE allowed_range AND dest_port IN [robot_auth_ports] AND payload CONTAINS 'unitree'
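The log indicators and the query above, written out as a small offline triage script. This is an added example, not Unitree or vendor code: the JSON-lines event format, the field names, the allowed subnet and the port number are all assumptions, and the sample events are constructed.

```python
import ipaddress
import json

# Assumptions, not taken from the advisory: operator subnet, auth port, event schema.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
ROBOT_AUTH_PORTS = {9991}  # placeholder; use the ports your robots actually expose
MARKER = "unitree"

# Constructed sample events (documentation address ranges), one JSON object per line.
SAMPLE_EVENTS = [
    '{"src_ip": "10.20.0.15", "dest_port": 9991, "payload": "operator-secret", "result": "success"}',
    '{"src_ip": "203.0.113.7", "dest_port": 9991, "payload": "xxunitreexx", "result": "success"}',
    '{"src_ip": "10.20.0.15", "dest_port": 9991, "payload": "unitree", "result": "failure"}',
    '{"src_ip": "198.51.100.9", "dest_port": 22, "payload": "hello", "result": "failure"}',
    'truncated or non-JSON line',
]

def outside_allowed(ip_text):
    """True when the source address is in none of the allowed networks."""
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in ALLOWED_NETS)

def classify(event):
    """Return the list of indicator names this event matches."""
    outside = outside_allowed(event["src_ip"])
    auth_port = event["dest_port"] in ROBOT_AUTH_PORTS
    # casefold so case variants of the marker are also surfaced for review
    marker = MARKER in str(event.get("payload", "")).casefold()
    result = event.get("result")
    reasons = []
    if outside and auth_port and marker:       # the SIEM query
        reasons.append("siem_query_match")
    if result == "failure" and marker:         # log indicator 1
        reasons.append("failed_auth_with_marker")
    if result == "success" and auth_port and outside:  # log indicator 2
        reasons.append("success_from_unexpected_ip")
    return reasons

def scan(lines):
    """Classify each line; count lines that cannot be parsed instead of aborting."""
    alerts, skipped = [], 0
    for line in lines:
        try:
            event = json.loads(line)
            reasons = classify(event)
        except (ValueError, KeyError, TypeError):
            skipped += 1
            continue
        if reasons:
            alerts.append((event["src_ip"], reasons))
    return alerts, skipped

if __name__ == "__main__":
    found, bad = scan(SAMPLE_EVENTS)
    for src, why in found:
        print(src, ", ".join(why))
    print("unparseable lines:", bad)
```

A non-zero unparseable count is worth checking on its own, since dropped or malformed events hide exactly the lines these rules look for.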