cvedb.io
CVE-2025-2894
MEDIUM · CVSS 6.6
EPSS exploitation probability: 0%
Published 2025-03-28T03:15:18.780 · Last modified 2026-06-17T09:07:48.727

Summary

The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.

Affected products

unitree — go1_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when unitree ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.