CVE-2025-30117

High

Published: 18 March 2025

Published

18 March 2025

Modified

22 May 2025

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0008 23.4th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.

Security Summary

CVE-2025-30117, published on 2025-03-18, affects the Forvia Hella HELLA Driving Recorder DR 820. The vulnerability, classified under CWE-285 (Improper Authorization), enables unauthorized parties to manage device settings, obtain sensitive data, and sabotage the car battery. It carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), reflecting network-accessible exploitation with low complexity, no privileges or user interaction required.

Remote attackers can exploit this by bypassing device pairing to access the settings interface, retrieving sensitive user and vehicle information. They can then modify power management settings, disable recording, delete stored footage, and deactivate battery protection, potentially causing denial-of-service conditions and vehicle battery drainage.

For mitigation guidance, refer to the provided references: https://github.com/geo-chen/Hella and https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26.

Details

CWE(s): CWE-285

Affected Products

hella

dr 820 firmware

all versions

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

T1070.004 File Deletion Stealth

Adversaries may delete files left behind by the actions of their intrusion activity.

attack.mitre.org →

T1082 System Information Discovery Discovery

An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.

attack.mitre.org →

T1083 File and Directory Discovery Discovery

Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

attack.mitre.org →

T1489 Service Stop Impact

Adversaries may stop or disable services on a system to render those services unavailable to legitimate users.

attack.mitre.org →

T1499 Endpoint Denial of Service Impact

Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.

attack.mitre.org →

Why these techniques?

The vulnerability enables unauthorized access to discover system/vehicle information (T1082), enumerate files/directories (T1083), collect local data like settings and footage (T1005), delete footage (T1070.004), stop recording services (T1489), and cause endpoint DoS via battery drain (T1499).

References

https://github.com/geo-chen/Hella
Third Party Advisory · cve@mitre.org
https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26
Permissions Required · cve@mitre.org