CVE-2025-30118
Published: 25 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-30118 is a denial-of-service vulnerability affecting the Audi Universal Traffic Recorder version 2.88. The issue arises from the device's use of identical default credentials across all instances and the absence of proper multi-device authentication, which allows unauthorized parties to occupy the sole available connection and block legitimate owner access. The SSID is perpetually broadcast, heightening the device's discoverability. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-798 (Use of Hard-coded Credentials).
Remote attackers require no privileges or user interaction to exploit this flaw, needing only network proximity to detect and connect to the broadcast SSID. By authenticating with the universal default credentials, an attacker can monopolize the single connection, rendering the device inaccessible to the owner and achieving a high-impact denial of service without affecting confidentiality or integrity.
Mitigation guidance is available in the referenced advisory at https://github.com/geo-chen/Audi/blob/main/README.md#finding-1---cve-2025-30118-audi-utr-susceptibility-to-dos.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability directly results from use of identical hard-coded default credentials with no multi-device auth, enabling unauthorized connection via T1078.001 Default Accounts. Exploitation monopolizes the sole connection to deny service, mapping to T1499.004 Application or System Exploitation for the resulting DoS impact.