CVE-2025-7020
CVE-2025-7020 is a medium-severity vulnerability with a CVSS 4.0 base score of 5.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-656.
Key facts
- Severity: Medium (CVSS 4.0 base score 5.1)
- EPSS exploit prediction: 0% (4th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-24049
- Weakness: CWE-656
- Published:
- Last modified:
Description
An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS (e.g. in the model ATTO3). An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-Vehicle Infotainment (IVI) unit's storage. This allows the attacker to access and read system logs containing sensitive data, including personally identifiable information (PII) and location data. This vulnerability was introduced in a patch intended to fix CVE-2024-54728.
Frequently asked questions
- What is CVE-2025-7020?
- An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS (e.g. in the model ATTO3). An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-Vehicle Infotainment (IVI) unit's storage. This allows the attacker to access and read system logs containing sensitive data, including personally identifiable information (PII) and location data. This vulnerability was introduced in a patch intended to fix CVE-2024-54728.
- How severe is CVE-2025-7020?
- CVE-2025-7020 has a CVSS 4.0 base score of 5.1, rated medium severity.
- Is CVE-2025-7020 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (4th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-7020?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-7020 have an EU (EUVD) identifier?
- Yes. CVE-2025-7020 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-24049.
- When was CVE-2025-7020 published?
- CVE-2025-7020 was published on 2025-08-09 and last updated on 2026-06-17.
References
Other CWE-656 vulnerabilities
- CVE-2026-7161 — Critical (CVSS 9.3): An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device…
- CVE-2026-42363 — Critical (CVSS 9.3): An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device…
- CVE-2024-12297 — Critical (CVSS 9.2): Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism.…
- CVE-2020-10284 — Critical (CVSS 9.1): No authentication is required to control the robot inside the network, moreso the latest available user manual shows an…
- CVE-2025-59093 — High (CVSS 8.5): Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The…
- CVE-2024-9138 — High (CVSS 7.2): Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity…