CPATH-2026-0023 · ROBOTICS HUMANOID

Unitree UniPwn — BLE Wi-Fi config root takeover (Go2/B2/G1/H1)

Provisional. Candidate score (CFSE Consequence Paths 1.0-candidate); pending independent review. Treat as a structured second opinion, not a final rating.

Paths EMERGENCY Dominant consequence FLEET_CONTROL_PLANE authority · Evidence EV:3 (reproduced / report-backed) · Liveness ACTIVE

CPATH ID	`CPATH-2026-0023`
CVE(s)	CVE-2025-35027, CVE-2025-60017, CVE-2025-60250, CVE-2025-60251
Device / class	Unitree UniPwn — BLE Wi-Fi config root takeover (Go2/B2/G1/H1) (ROBOTICS HUMANOID)
Vendor	Unitree
Dominant consequence	`FLEET_CONTROL_PLANE` (authority)
Paths verdict	EMERGENCY (worst of 3 paths)
Published baseline	v3.1 7.3 HIGH `CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N` · Takeonme CNA via NVD (CVE-2025-35027) v3.1 8.2 HIGH `CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H` · MITRE via NVD (CVE-2025-60017) v3.1 4.7 MEDIUM `CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N` · MITRE via NVD (CVE-2025-60250) v3.1 5 MEDIUM `CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L` · MITRE via NVD (CVE-2025-60251)
Baseline relationship	▼ Paths higher
Consequence dimension(s)	#1 #2 #7 #8 (what these mean)
Scored	2026-06-03 · CFSE Consequence Paths v1.0-candidate · validation: provisional
Baseline confidence	high

Consequence Paths

Paths Assessment

perception

`PERCEPTION_TO_ACTION`

CRITICAL

Reachability RE:2

Complexity EC:4

Consequence PERCEPTION_TO_ACTION

Scale SR:4 / SX:2

Verdict CRITICAL

Reachability 2

Complexity 4

Exposure 2

Physical / safety 4

Data / perception 4

Authority 3

Chainability 4

Reuse scale 4

Execution scale 2

Recovery 3

Evidence EV:3 · reproduced / report-backed

Liveness ACTIVE

Vector

CPATH:1.0-candidate/TT:PERCEPTION_TO_ACTION/RE:2/EC:4/EX:2/PH:4/DP:4/AT:3/CH:4/SR:4/SX:2/OR:3/EV:3/LS:ACTIVE

authority

`FLEET_CONTROL_PLANE`

EMERGENCY

Reachability RE:2

Complexity EC:4

Consequence FLEET_CONTROL_PLANE

Scale SR:4 / SX:4

Verdict EMERGENCY

Reachability 2

Complexity 4

Exposure 2

Physical / safety 4

Data / perception 3

Authority 3

Chainability 4

Reuse scale 4

Execution scale 4

Recovery 4

Evidence EV:3 · reproduced / report-backed

Liveness ACTIVE

Vector

CPATH:1.0-candidate/TT:FLEET_CONTROL_PLANE/RE:2/EC:4/EX:2/PH:4/DP:3/AT:3/CH:4/SR:4/SX:4/OR:4/EV:3/LS:ACTIVE

perception

`PERCEPTION_PRIVACY`

CRITICAL

Reachability RE:2

Complexity EC:4

Consequence PERCEPTION_PRIVACY

Scale SR:4 / SX:2

Verdict CRITICAL

Reachability 2

Complexity 4

Exposure 2

Physical / safety 4

Data / perception 4

Authority 3

Chainability 3

Reuse scale 4

Execution scale 2

Recovery 3

Evidence EV:3 · reproduced / report-backed

Liveness ACTIVE

Vector

CPATH:1.0-candidate/TT:PERCEPTION_PRIVACY/RE:2/EC:4/EX:2/PH:4/DP:4/AT:3/CH:3/SR:4/SX:2/OR:3/EV:3/LS:ACTIVE

Assessment

CFSE Consequence Paths assesses Unitree UniPwn — BLE Wi-Fi config root takeover (Go2/B2/G1/H1) at EMERGENCY — the worst of 3 risk paths (perception, authority). The dominant consequence is reach into a fleet management plane.

Vulnerability

Unitree UniPwn — BLE Wi-Fi config root takeover (Go2/B2/G1/H1). Reported attack vector: Adjacent (Bluetooth/BLE proximity).

CFSE Consequence Paths analysis

The vulnerability is decomposed into one risk path per terminal consequence. Each path is scored on its exposure (reachability × execution complexity) and the authority, perception, and physical/safety it reaches, together with its scale of reuse, scale of execution, and recoverability.

`PERCEPTION_TO_ACTION` → CRITICAL

CPATH:1.0-candidate/TT:PERCEPTION_TO_ACTION/RE:2/EC:4/EX:2/PH:4/DP:4/AT:3/CH:4/SR:4/SX:2/OR:3/EV:3/LS:ACTIVE

Exposure EX=2 (reachability-bound) · bands PH=CRITICAL · DP=CRITICAL · AT=HIGH → base CRITICAL → assessed CRITICAL.

BLE-proximity (RE2) unauthenticated root via hardcoded key + trivial string-auth + sudo command injection (EC4, public PoC). Root grants full control of the motion stack of a walking humanoid/quadruped: credible physical hazard to bystanders (PH4). Onboard perception (LIDAR/spatial map/camera) drives the robot’s own actuation, so perception feeds action (DP4, perception_feeds_action).
AT3 — full OS/service authority but not a signing-root/OTA-root. Crosses RF->device->physical/safety boundaries (CH4, boundary_crossing).
SR4 — shared key reuses across population;
SX2 — per-device proximity for the initial actuation control.
OR3 — vendor firmware fix needed but per-unit, not a recall/signing-root rotation.
EV3 — reproduced; no published weaponized-motion demo so active_exploitation=false.

`FLEET_CONTROL_PLANE` → EMERGENCY

CPATH:1.0-candidate/TT:FLEET_CONTROL_PLANE/RE:2/EC:4/EX:2/PH:4/DP:3/AT:3/CH:4/SR:4/SX:4/OR:4/EV:3/LS:ACTIVE

Exposure EX=2 (reachability-bound) · bands PH=CRITICAL · DP=HIGH · AT=HIGH → base CRITICAL · uplift fleet-reachable authority, recall-class recovery → assessed EMERGENCY.

Wormable: a compromised robot autonomously scans BLE and infects in-range Unitree units using the same hardcoded shared key, forming a robot botnet. Initial entry is BLE-proximity (RE2) but propagation is self-spreading and key-portable, so SX4 (fleet/deployment-scale propagation without per-device human access by the attacker), SR4 (shared key across entire population).
EC4 — wormable automation in PoC.
AT3 — root authority on each peer (not OTA/signing-root).
PH3 — aggregate of many root-controlled mobile robots reduces safety margin across a deployment.
DP3 — operational/firmware state across fleet.
CH4 — multi-hop reusable cross-domain bridge;
boundary_crossing — true.
OR4 — recovery needs fleet-wide firmware remediation and re-infection trivial while any unpatched peer remains in range (recovery_needs_fleet_action).
EV3 — reproduced; worm demonstrated in research but not confirmed exploited in wild, so active_exploitation=false.

`PERCEPTION_PRIVACY` → CRITICAL

CPATH:1.0-candidate/TT:PERCEPTION_PRIVACY/RE:2/EC:4/EX:2/PH:4/DP:4/AT:3/CH:3/SR:4/SX:2/OR:3/EV:3/LS:ACTIVE

Exposure EX=2 (reachability-bound) · bands PH=CRITICAL · DP=CRITICAL · AT=HIGH → base CRITICAL · caps privacy-only cap → assessed CRITICAL.

Same BLE-proximity root (RE2, EC4, AT3). Root grants live access to cameras, microphones, LIDAR and spatial maps for surveillance/exfiltration: DP4 (live-camera/spatial-map/world-model state). Here the perception is exfiltrated for surveillance, not feeding the robot’s own safety-relevant action, so perception_feeds_action=false.
CH3 — (RF->device->cloud/exfil bridge);
boundary_crossing — true.
SR4 — shared key;
SX2 — per-device proximity.
OR3 — firmware fix per unit.
EV3 — reproduced.

Published baseline

v3.1 7.3 HIGH — CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N — Takeonme CNA via NVD (CVE-2025-35027)
v3.1 8.2 HIGH — CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H — MITRE via NVD (CVE-2025-60017)
v3.1 4.7 MEDIUM — CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N — MITRE via NVD (CVE-2025-60250)
v3.1 5 MEDIUM — CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L — MITRE via NVD (CVE-2025-60251)

The published baseline above is retained for source review. The registry records the reachable consequence path, including deployment-specific cyber-physical consequence, physical/safety impact, scale, and recovery burden.

Sources

Score it yourself in the calculator Review this score

Cite this entry:

CFSE Consequence Paths Registry v1.0-candidate, entry CPATH-2026-0023 (“Unitree UniPwn — BLE Wi-Fi config root takeover (Go2/B2/G1/H1)”), paths.cfse.ai/CPATH-2026-0023 (published 2026-06-03).

Unitree UniPwn — BLE Wi-Fi config root takeover (Go2/B2/G1/H1)

Paths Assessment

Assessment

Vulnerability

CFSE Consequence Paths analysis

PERCEPTION_TO_ACTION → CRITICAL

FLEET_CONTROL_PLANE → EMERGENCY

PERCEPTION_PRIVACY → CRITICAL

Published baseline

Sources

`PERCEPTION_TO_ACTION` → CRITICAL

`FLEET_CONTROL_PLANE` → EMERGENCY

`PERCEPTION_PRIVACY` → CRITICAL