CVE-2025-70994
CWE-1390 · Published: April 23, 2026 · Updated: Apr 24, 2026
Official Description
Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is vulnerable to signal forgery after a local attacker intercepts any legitimate key fob transmission, allowing for complete unauthorized vehicle operation via a replay attack.
Technical Analysis
CVE-2025-70994 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.
Exploitation does not require any privileges, but user interaction is required, which slightly reduces the risk of mass automated attacks.
A successful exploit results in full integrity compromise (data manipulation) and availability disruption (denial of service). The CVSS base score is 7.3.
News & Research Mentioning CVE-2025-70994
Source: CISA Alerts

Summary
Successful exploitation of this vulnerability could result in an attacker being able to unlock and start the bicycle, leading to vehicle theft.

The following versions of Yadea T5 Electric Bicycle are affected:
- T5 Electric Bicycle vers:all/* (CVE-2025-70994)

- CVSS: v3 7.3
- Vendor: Yadea
- Equipment: Yadea T5 Electric Bicycle
- Vulnerabilities: Weak Authentication

Background
- Critical Infrastructure Sectors: Transportation Systems
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: China

Vulnerabilities
CVE-2025-70994: Yadea T5 Electric Bicycles have a weak authentication mechanism which is vulnerable to signal forgery after a local attacker intercepts any legitimate key fob transmissions.

Affected Pro
Recommended Actions
- Apply vendor patches immediately
- Monitor CVE-2025-70994 in threat intel feeds
- Review IDS/IPS signatures for exploitation attempts