CVE-2018-25029
CWE-757Published: February 4, 2022· Updated: Jun 17, 2026
Official Description
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.
Technical Analysis
CVE-2018-25029 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), with a CVSS base score of 8.1.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
Official Patches & Advisories
All References (4)
Quick Facts
Related CVEs (CWE-757)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2018-25029 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts