


Perceptive Security
SOC/SIEM Consultancy

Yadea T5 Electric Bicycle
Published: 23 April 2026 at 12:00:00
Alert date: 23 April 2026 at 17:04:31
Source: cisa.gov
Mobile & IoT, Critical Infrastructure
CISA issued an advisory for CVE-2025-70994, which affects all versions of the Yadea T5 Electric Bicycle. The vulnerability involves weak authentication mechanisms that allow local attackers to intercept key fob transmissions and forge signals to unlock and start the bicycle, potentially leading to vehicle theft. It has a CVSS score of 7.3 (High); exploitation requires local access and user interaction but does not require privileges. Yadea did not respond to CISA's coordination attempts. Users are advised to use external locking mechanisms and keep systems updated.
Technical details
Affected products:
Yadea T5 Electric Bicycle
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-01
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-01.json
https://www.cve.org/CVERecord?id=CVE-2025-70994
https://yadea.com/contact-us
https://cwe.mitre.org/data/definitions/1390.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
This article was created with the assistance of AI technology by Perceptive.
