CVE-2025-35027

Name: CVE-2025-35027
Creator: NVD / NIST
Published: 2025-09-26T07:15:41.413+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.3/10EPSS 2.28%

Last modified Jun 17, 2026

CVE-2025-35027 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script. All Unitree models use firmware derived from the same codebase (MIT Cheetah), and the two major forks are the G1 (humanoid) and Go2 (quadruped) branches.. EPSS estimates a 2.28% chance of exploitation in the next 30 days.

Description

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script. All Unitree models use firmware derived from the same codebase (MIT Cheetah), and the two major forks are the G1 (humanoid) and Go2 (quadruped) branches.

Metrics

CVSS 3.1

7.3/10

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Probability

2.28%

80.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions
Unitree	G1 Firmware	<= 1.4.4
Unitree	Go2 Firmware	<= 1.1.8
Unitree	H1 Firmware	<= 1.4.4
Unitree	B2 Firmware	<= 1.1.8

References

https://github.com/Bin4ry/UniPwnExploit, Technical Description
https://spectrum.ieee.org/unitree-robot-exploitPress/Media Coverage
https://takeonme.org/cves/cve-2025-35027Exploit, Third Party Advisory
https://www.cve.org/cverecord?id=CVE-2025-60017Third Party Advisory
https://www.cve.org/cverecord?id=CVE-2025-60250Third Party Advisory
https://x.com/committeeonccp/status/1971250635548033311Press/Media Coverage
https://github.com/Bin4ry/UniPwnExploit, Technical Description

Timeline

Published: Sep 26, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-35027?

How severe is CVE-2025-35027?

CVE-2025-35027 has a CVSS score of 7.3/10 (HIGH severity). The EPSS model estimates a 2.28% probability of exploitation in the next 30 days.

How do I fix CVE-2025-35027?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-35027?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST