unitree CVE Vulnerabilities & Metrics

Focus on unitree vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About unitree Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with unitree. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total unitree CVEs: 6
Earliest CVE date: 05 Aug 2022, 17:15 UTC
Latest CVE date: 25 Jul 2025, 16:15 UTC

Latest CVE reference: CVE-2025-45466

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 3

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical unitree CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS unitree CVEs

These are the five CVEs with the highest CVSS scores for unitree, sorted by severity first and recency.

CVE-2025-45466 unitree Published on 25 Jul 2025, 16:15 UTC (CVSS: 0)
Unitree Go1 <= Go1_2022_05_11 is vulnerale to Incorrect Access Control due to authentication credentials being hardcoded in plaintext.
CVE-2025-45467 unitree Published on 25 Jul 2025, 15:15 UTC (CVSS: 0)
Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation.
CVE-2025-2894 unitree Published on 28 Mar 2025, 03:15 UTC (CVSS: 0)
The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.
CVE-2023-3104 unitree Published on 22 Nov 2023, 12:15 UTC (CVSS: 0)
Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication.
CVE-2023-3103 unitree Published on 22 Nov 2023, 12:15 UTC (CVSS: 0)
Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could lead to a denial-of-service (DOS) condition.

All CVEs for unitree

CVE-2025-45466 unitree vulnerability CVSS: 0 25 Jul 2025, 16:15 UTC

Unitree Go1 <= Go1_2022_05_11 is vulnerale to Incorrect Access Control due to authentication credentials being hardcoded in plaintext.

CVE-2025-45467 unitree vulnerability CVSS: 0 25 Jul 2025, 15:15 UTC

Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation.

CVE-2025-2894 unitree vulnerability CVSS: 0 28 Mar 2025, 03:15 UTC

The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.

CVE-2023-3104 unitree vulnerability CVSS: 0 22 Nov 2023, 12:15 UTC

Lack of authentication vulnerability. An unauthenticated local user is able to see through the cameras using the web server due to the lack of any form of authentication.

CVE-2023-3103 unitree vulnerability CVSS: 0 22 Nov 2023, 12:15 UTC

Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot's camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot's resources, which could lead to a denial-of-service (DOS) condition.

CVE-2022-2675 unitree vulnerability CVSS: 0 05 Aug 2022, 17:15 UTC

Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.