Unrated severity · NVD Advisory · Published Sep 26, 2025 · Updated Oct 7, 2025
Unitree Multiple Robotic Products Command Injection
CVE-2025-35027
Description
Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script. All Unitree models use firmware derived from the same codebase (MIT Cheetah), and the two major forks are the G1 (humanoid) and Go2 (quadruped) branches.
Affected products (5)
- Unitree/G1 v5 Range: 0
- Unitree/Go2 v5 Range: 0
Patches
No patches discovered yet.
References (5)
- takeonme.org/cves/cve-2025-35027 (mitre, third-party-advisory)
- spectrum.ieee.org/unitree-robot-exploit (mitre, media-coverage)
- www.cve.org/cverecord (mitre, related)
- www.cve.org/cverecord (mitre, related)
- x.com/committeeonccp/status/1971250635548033311 (mitre, government-resource)