CVE-2025-45466

HIGH

Unitree Go1 <= Go1_2022_05_11 - Incorrect Access Control via Hard-coded Credentials

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-45466. PoCs published by zgsnj123.

AI-analyzed exploit summary CVE-2025-45466 details a vulnerability in Unitree Go1 robotic dog firmware where hardcoded plaintext credentials in `/run.sh` allow unauthorized SSH/SCP access, leading to RCE, privilege escalation, and information disclosure.

Description

Unitree Go1 <= Go1_2022_05_11 is vulnerale to Incorrect Access Control due to authentication credentials being hardcoded in plaintext.

Exploits (1)

nomisec WRITEUP 1 stars

by zgsnj123 · poc

https://github.com/zgsnj123/CVE-2025-45466

View Code ZIP pw:eip

CVE-2025-45466 details a vulnerability in Unitree Go1 robotic dog firmware where hardcoded plaintext credentials in `/run.sh` allow unauthorized SSH/SCP access, leading to RCE, privilege escalation, and information disclosure.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Unitree Go1 (all versions <= Go1_2022_05_11)

No auth needed

Prerequisites: Access to firmware file · Network or physical access to the robot

MITRE ATT&CK

T1078 - Valid Accounts T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/zgsnj123/CVE-2025-45466

Product

https://www.unitree.com/cn/go1

Scores

CVSS v3 8.8

EPSS 0.0057

EPSS Percentile 42.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-798

Status published

Products (1)

unitree/go1_firmware

Published Jul 25, 2025

Tracked Since Feb 18, 2026