PT-2025-25420 · Unknown · Kia-Branded Aftermarket Generic Smart Keyless Entry System

Danilo Erazo · Published 2025-06-13 · Updated 2025-07-25 · CVE-2025-6029

CVSS v4.0: 9.4 Critical

Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:N
Name of the Vulnerable Software and Affected Versions

KIA-branded Aftermarket Generic Smart Keyless Entry System versions 2022 through 2025

Description

The issue is related to the use of fixed learning codes in the Key Fob Transmitter, which allows a replay attack. This affects KIA vehicles in Ecuador, primarily those using outdated key fobs with vulnerable chips. Attackers can exploit this to unlock vehicles remotely. The estimated number of affected devices is not specified.

Recommendations

For KIA-branded Aftermarket Generic Smart Keyless Entry System versions 2022 through 2025, consider disabling the keyless entry feature until a patch is available. Restrict access to the key fob transmitter to minimize the risk of exploitation. Avoid using the vulnerable chips HS2240 and EV1527 in the key fobs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
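Why a fixed learning code is replayable while a counter-based code is not, as an added example that is not from the advisory or the vendor. It is a pure software model with no radio I/O; the HMAC-over-counter scheme, the class names, the key and the 24-bit sample code are assumptions chosen for illustration and do not describe any specific product or fix.

```python
import hashlib
import hmac


class FixedCodeReceiver:
    """Models the weakness: the receiver stores one code at pairing time
    and accepts any frame equal to it, any number of times."""
    def __init__(self, learned_code: bytes):
        self.learned_code = learned_code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.learned_code)


class RollingCodeFob:
    """Hypothetical hardened fob: every press sends counter || MAC(counter)."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> bytes:
        self.counter += 1
        ctr = self.counter.to_bytes(4, "big")
        return ctr + hmac.new(self.key, ctr, hashlib.sha256).digest()[:8]


class RollingCodeReceiver:
    WINDOW = 16  # tolerate presses made out of range, but never go backwards

    def __init__(self, key: bytes):
        self.key, self.last = key, 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        ctr, tag = frame[:4], frame[4:]
        good = hmac.new(self.key, ctr, hashlib.sha256).digest()[:8]
        n = int.from_bytes(ctr, "big")
        if not hmac.compare_digest(tag, good) or not self.last < n <= self.last + self.WINDOW:
            return False
        self.last = n  # a frame at or below this counter is now stale
        return True


def replay_outcomes() -> dict:
    code = bytes.fromhex("a5c3f1")            # constructed sample code
    fixed_rx = FixedCodeReceiver(code)
    key = b"constructed-demo-key"             # constructed shared secret
    fob, roll_rx = RollingCodeFob(key), RollingCodeReceiver(key)
    frame = fob.press()
    return {
        "fixed": [fixed_rx.accept(code), fixed_rx.accept(code)],
        "rolling": [roll_rx.accept(frame), roll_rx.accept(frame), roll_rx.accept(fob.press())],
    }
```

In the returned dictionary the fixed-code receiver accepts the identical frame twice, while the counter-based receiver accepts the first frame, rejects its repeat and accepts the next genuine press.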

Improper Restriction of Excessive Authentication Attempts

Weakness Enumeration

Related Identifiers

CVE-2025-6029

Affected Products

Kia-Branded Aftermarket Generic Smart Keyless Entry System