CVE-2025-30118
Published: 25 March 2025
Summary
CVE-2025-30118 is a high-severity Use of Hard-coded Credentials (CWE-798) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked in the top 41.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-10 (Concurrent Session Control) and AC-18 (Wireless Access).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
IA-5 mandates changing default authenticators prior to first use and managing their strength, directly countering the hard-coded default credentials shared across all devices.
AC-10 limits concurrent sessions per account, preventing attackers from occupying the sole available connection to deny owner access.
AC-18 requires authorization, authentication, and management of wireless access, mitigating exposure from the perpetually broadcast SSID and lack of proper multi-device authentication.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability directly results from use of identical hard-coded default credentials with no multi-device auth, enabling unauthorized connection via T1078.001 Default Accounts. Exploitation monopolizes the sole connection to deny service, mapping to T1499.004 Application or System Exploitation for the resulting DoS impact.
NVD Description
An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner…
more
access by occupying the only available connection. The SSID remains broadcast at all times, increasing exposure to potential attacks.
Deeper analysisAI
CVE-2025-30118 is a denial-of-service vulnerability affecting the Audi Universal Traffic Recorder version 2.88. The issue arises from the device's use of identical default credentials across all instances and the absence of proper multi-device authentication, which allows unauthorized parties to occupy the sole available connection and block legitimate owner access. The SSID is perpetually broadcast, heightening the device's discoverability. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-798 (Use of Hard-coded Credentials).
Remote attackers require no privileges or user interaction to exploit this flaw, needing only network proximity to detect and connect to the broadcast SSID. By authenticating with the universal default credentials, an attacker can monopolize the single connection, rendering the device inaccessible to the owner and achieving a high-impact denial of service without affecting confidentiality or integrity.
Mitigation guidance is available in the referenced advisory at https://github.com/geo-chen/Audi/blob/main/README.md#finding-1---cve-2025-30118-audi-utr-susceptibility-to-dos.
Details
- CWE(s)