CVE-2025-6666

2.0 LOW

📋 TL;DR

This vulnerability in motogadget mo.lock Ignition Lock devices allows attackers to exploit a hard-coded cryptographic key in the NFC Handler component, potentially enabling unauthorized access to the physical ignition system. The attack requires physical proximity to the device and is considered difficult to execute. Only users of motogadget mo.lock Ignition Lock devices are affected.

💻 Affected Systems

Products:
  • motogadget mo.lock Ignition Lock
Versions: Up to 20251125
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects physical ignition lock devices with NFC functionality; requires physical access to exploit.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with physical access could bypass the ignition lock security entirely, allowing unauthorized vehicle starting and potential theft.

🟠 Likely Case

Limited risk due to high complexity and physical access requirements; most likely minimal real-world exploitation.

🟢 If Mitigated

With physical security controls and monitoring, impact is minimal as exploitation requires direct device access.

🌐 Internet-Facing: LOW - This is a physical device vulnerability requiring direct access, not network-based.
🏢 Internal Only: LOW - The vulnerability requires physical proximity to the ignition lock device itself.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploitation requires physical access to the device and knowledge of the technique for manipulating the hard-coded key.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Contact motogadget for firmware updates or replacement options.

🔧 Temporary Workarounds

Physical Security Enhancement

all

Increase physical security measures around vehicles using affected ignition locks

NFC Disablement

all

Disable NFC functionality if not required (if device supports this)

🧯 If You Can't Patch

  • Implement additional physical security layers (steering wheel locks, garage security)
  • Monitor for unauthorized access attempts and consider replacing affected devices

🔍 How to Verify

Check if Vulnerable:

Check device firmware version; if version is 20251125 or earlier, device is vulnerable

Check Version:

Check device documentation or contact manufacturer for version verification procedure

Verify Fix Applied:

Verify firmware version has been updated beyond 20251125

📡 Detection & Monitoring

Log Indicators:

  • Unusual NFC access attempts if device logs are available

Network Indicators:

  • None - physical device only

SIEM Query:

Not applicable - physical device vulnerability
