CVE-2025-70994
Published: 23 April 2026
Summary
CVE-2025-70994 is a high-severity Weak Authentication (CWE-1390) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, ranked at the 15.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-18 (Wireless Access) and IA-3 (Device Identification and Authentication).
Deeper analysis
CVE-2025-70994 is a vulnerability in the keyless entry system of Yadea T5 Electric Bicycles manufactured in or after 2024. The system relies on the EV1527 fixed-code RF protocol, which lacks rolling codes or cryptographic challenge-response mechanisms. This weak authentication enables signal forgery via replay attacks after an attacker intercepts any legitimate key fob transmission.
A physically proximate attacker with adjacent network access (AV:A) and no privileges (PR:N) can exploit this vulnerability. By capturing a valid RF signal from a key fob and replaying it, the attacker achieves complete unauthorized operation of the vehicle, resulting in high impacts to integrity (I:H) and availability (A:H) with no confidentiality impact (C:N). The attack has low complexity (AC:L) but requires user interaction (UI:R), as scored at CVSS 7.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H) and mapped to CWE-1390.
GitHub repositories at https://github.com/ktauchathuranga/CVE-2025-70994 and https://github.com/ktauchathuranga/ghost-keys provide details on the vulnerability, including proof-of-concept code for demonstration. No vendor advisories or patches are referenced in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-209567
Vulnerability details
Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is vulnerable to signal forgery…
more
after a local attacker intercepts any legitimate key fob transmission, allowing for complete unauthorized vehicle operation via a replay attack.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Insufficient information to map techniques.CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Mandates that authenticators such as the EV1527 fixed-code RF signals have sufficient strength of mechanism to resist replay attacks by requiring rolling codes or cryptographic challenge-response.
Requires the bicycle system to identify and authenticate key fob devices using strong authenticators, preventing unauthorized operation from intercepted and replayed signals.
Establishes authentication and encryption requirements for wireless access, directly mitigating the weak fixed-code RF protocol vulnerable to local signal forgery.