cvedb.io
CVE-2025-35027
HIGH · CVSS 7.3
EPSS exploitation probability: 0%
Published 2025-09-26T07:15:41.413 · Last modified 2026-06-17T09:14:13.713

Summary

Multiple Unitree robotic products that share a common firmware, including the Go2, G1, H1, and B2, contain a command injection vulnerability. By supplying a malicious string when configuring the on-board WiFi through an affected robot's BLE module, then triggering a restart of the WiFi service, an attacker can ultimately cause commands to run as root via the wpa_supplicant_restart.sh shell script. All Unitree models use firmware derived from the same codebase (MIT Cheetah); the two major forks are the G1 (humanoid) and Go2 (quadruped) branches.

Affected products

unitree — g1_firmware

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.