PT-2025-39470 · Unknown · Unitree Go 1 +3

Published

2025-09-26

Updated

2025-09-26

CVE-2025-60250

CVSS v3.1

4.7

Vector

AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

**Name of the Vulnerable Software and Affected Versions**

Unitree Go2, G1, H1, and B2 devices through 2025-09-20

**Description**

The devices decrypt Bluetooth Low Energy (BLE) packet data using a fixed key (`df98b715d5c6ed2b25817b6f2554124a`) and Initialization Vector (IV) (`2841ae97419c2973296a0d4bdfe19a4f`). This allows for decryption of BLE packet data.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-321

Related Identifiers

CVE-2025-60250

Affected Products

Unitree B2

Unitree Go 1

Unitree Go2

Unitree H1

PT-2025-39470 · Unknown · Unitree Go 1 +3

Weakness Enumeration

Related Identifiers

Affected Products

References · 7