CVE-2025-67133
📋 TL;DR
A vulnerability in Hero Motocorp Vida V1 Pro 2.0.7 allows local attackers to cause denial of service via the Bluetooth Low Energy (BLE) component. This affects users of the Vida V1 Pro electric scooter's companion software/app. Attackers within Bluetooth range can disrupt functionality without authentication.
💻 Affected Systems
- Hero Motocorp Vida V1 Pro
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption of the Vida V1 Pro system, potentially affecting scooter functionality, connectivity, or safety features.
Likely Case
Temporary unavailability of BLE-dependent features like app connectivity, remote controls, or status monitoring.
If Mitigated
Limited impact with proper network segmentation and Bluetooth security controls.
🎯 Exploit Status
Exploitation requires the attacker to be within Bluetooth range (typically ~10 meters). No authentication is needed for BLE connection attempts.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: http://hero.com
Restart Required: No
Instructions:
1. Check Hero Motocorp website/app store for updates.
2. Update Vida V1 Pro app to latest version.
3. Verify version number after update.
🔧 Temporary Workarounds
- Disable Bluetooth when not in use (all platforms): Turn off Bluetooth on the mobile device when not actively using Vida V1 Pro features.
- Limit Bluetooth visibility (all platforms): Set Bluetooth to non-discoverable mode to reduce attack surface.
🧯 If You Can't Patch
- Use Vida V1 Pro in areas with controlled physical access to limit Bluetooth range exposure
- Monitor for unusual Bluetooth connection attempts or app crashes
🔍 How to Verify
Check if Vulnerable:
Check the app version in the Vida V1 Pro settings. If the version is 2.0.7, the system is vulnerable.
Check Version:
Check within Vida V1 Pro app settings menu
Verify Fix Applied:
Update the app and verify that the version number is higher than 2.0.7.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed BLE connection attempts
- App crashes or unexpected restarts
- Unusual Bluetooth pairing requests
Network Indicators:
- Abnormal BLE traffic patterns
- Repeated connection attempts from unknown MAC addresses
SIEM Query:
Not applicable - primarily local Bluetooth-based attack