Yadea T5 Electric Bicycle
Summary
A critical vulnerability (CVE-2025-70994) has been identified in Yadea T5 Electric Bicycles, allowing attackers to unlock and start the bikes by intercepting and forging key fob transmissions. Successful exploitation could lead to vehicle theft. Yadea has not responded to coordination efforts, and users are advised to secure their bicycles with external mechanisms.
IFF Assessment
The vulnerability allows unauthorized control and theft of the electric bicycles, directly impacting their security and owner safety.
Severity
The CVSS score of 7.3 (HIGH) reflects the vulnerability's potential for significant impact, allowing for theft (Confidentiality: None, Integrity: High, Availability: High) with an adjacent attack vector and low attack complexity.
Defender Context
This highlights the growing security concerns for IoT devices, including electric vehicles and bicycles, which can be targeted through weak authentication mechanisms. Defenders should be aware of physical security risks posed by vulnerabilities in connected devices and the challenges of patching or mitigating issues when vendors are unresponsive.