CVE-2025-30117
Last modified
CVE-2025-30117 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. After bypassing the device pairing, an attacker can obtain sensitive user and vehicle information through the settings interface. Remote attackers can modify power management settings, disable recording, delete stored footage, and turn off battery protection, leading to potential denial-of-service conditions and vehicle battery drainage.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hella | Dr 820 Firmware | All versions |
References
- https://github.com/geo-chen/HellaThird Party Advisory
- https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26Permissions Required
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-30117?
How severe is CVE-2025-30117?
How do I fix CVE-2025-30117?
Are you affected by CVE-2025-30117?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST