
CVE-2025-35027: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Unitree Go2

Severity: High
Published: Fri Sep 26 2025 (09/26/2025, 06:53:49 UTC)
Source: CVE Database V5
Vendor/Project: Unitree
Product: Go2

Description

Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when configuring the on-board WiFi via a BLE module of an affected robot, then triggering a restart of the WiFi service, an attacker can ultimately trigger commands to be run as root via the wpa_supplicant_restart.sh shell script. All Unitree models use firmware derived from the same codebase (MIT Cheetah), and the two major forks are the G1 (humanoid) and Go2 (quadruped) branches.

AI-Powered Analysis

Last updated: 10/11/2025, 00:44:56 UTC

Technical Analysis

CVE-2025-35027 is an OS command injection vulnerability (CWE-78) that affects multiple robotic products from Unitree Robotics, including the Go2 quadruped robot, G1 humanoid, H1, and B2 models. These devices share a common firmware codebase derived from the MIT Cheetah project, with two major forks for different robot types. The vulnerability is triggered when an attacker sets a maliciously crafted string while configuring the on-board WiFi through the robot's Bluetooth Low Energy (BLE) module. This input is not sanitized or neutralized before it reaches the wpa_supplicant_restart.sh shell script, which is responsible for restarting the WiFi service. When the WiFi service is restarted, the injected commands execute with root privileges, enabling full system compromise. The CVSS vector requires the attacker to have low privileges (PR:L) and adjacent-network access (AV:A); no user interaction is needed (UI:N). The vulnerability was published on September 26, 2025, with a CVSS v3.1 score of 7.3, indicating high severity. No public exploits are known at this time, but the potential impact includes unauthorized command execution, data confidentiality breaches, and integrity violations. The record indicates that all versions of the firmware are affected, and no patches have been linked yet. The root cause is improper input validation and neutralization of special characters in the WiFi configuration process, a critical oversight given the privileged execution context of the restart script.

Potential Impact

For European organizations deploying Unitree robotic products, this vulnerability poses a significant risk to operational security and data confidentiality. Robots used in industrial automation, research labs, logistics, or security patrols could be commandeered by attackers to execute arbitrary commands as root, potentially leading to data theft, sabotage, or disruption of critical robotic functions. The ability to execute commands at root level without user interaction increases the risk of stealthy persistent attacks. Compromise of these robots could also serve as a pivot point for lateral movement within enterprise networks, especially in environments where robots are integrated with other critical systems. The impact on availability is less direct but could occur if attackers disable WiFi or robot functions. Given the growing adoption of robotics in European manufacturing and research sectors, the threat could affect sensitive intellectual property and operational continuity. The lack of known exploits currently provides a window for mitigation, but the vulnerability’s nature suggests it could be weaponized quickly once exploited in the wild.

Mitigation Recommendations

1. Immediately restrict BLE module access to trusted devices only, using strong authentication and encryption to prevent unauthorized WiFi configuration attempts.
2. Implement strict input validation and sanitization on all WiFi configuration parameters, especially those received via BLE, to neutralize special characters that could lead to command injection.
3. Monitor and log all WiFi configuration changes and service restarts to detect anomalous or unauthorized activities.
4. Isolate robotic devices on segmented networks with limited access to critical infrastructure to reduce attack surface and lateral movement risk.
5. Deploy host-based intrusion detection systems (HIDS) on robots if supported, to detect suspicious command executions.
6. Coordinate with Unitree Robotics for timely firmware updates and apply patches as soon as they become available.
7. Conduct security audits and penetration testing focused on BLE interfaces and WiFi configuration mechanisms.
8. Educate operational staff on the risks of BLE-based configuration and enforce strict operational security policies around robot management.
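
The following is an added example of recommendation 2, not code from Unitree's firmware (the page does not show the contents of wpa_supplicant_restart.sh). It validates BLE-supplied WiFi fields and writes the SSID in wpa_supplicant's hex-string form, so the value is never re-parsed by a shell; all function names are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example: treat BLE-supplied WiFi settings strictly as data.
# Function names are hypothetical; sample values are constructed.

# byte_len VALUE -> number of bytes in VALUE
byte_len() { printf '%s' "$1" | wc -c; }

# valid_ssid VALUE -> 0 if VALUE is 1..32 bytes (802.11 SSID length limit)
valid_ssid() {
    len=$(byte_len "$1")
    [ "$len" -ge 1 ] && [ "$len" -le 32 ]
}

# valid_passphrase VALUE -> 0 if VALUE is 8..63 printable ASCII bytes
# (the WPA2 passphrase rule). Control characters, including newlines
# that could add lines to the config file, are rejected.
valid_passphrase() {
    # Count the bytes that remain after deleting printable ASCII.
    rest=$(printf '%s' "$1" | LC_ALL=C tr -d ' -~' | wc -c)
    [ "$rest" -eq 0 ] || return 1
    len=$(byte_len "$1")
    [ "$len" -ge 8 ] && [ "$len" -le 63 ]
}

# ssid_hex VALUE -> VALUE as lowercase hex, two digits per byte.
# wpa_supplicant.conf accepts an unquoted hex string for ssid=, so
# quotes, semicolons, backticks or $(...) in the SSID stay inert.
ssid_hex() { printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'; }

# render_network_block SSID PASSPHRASE -> prints a network block,
# or returns 1 without output if either field fails validation.
render_network_block() {
    valid_ssid "$1" && valid_passphrase "$2" || return 1
    # Values are passed as printf arguments, never through eval or
    # unquoted expansion.
    printf 'network={\n    ssid=%s\n    psk="%s"\n    key_mgmt=WPA-PSK\n}\n' \
        "$(ssid_hex "$1")" "$2"
}

# Demonstration with constructed values.
render_network_block 'lab-net' 'correct horse 42'
```
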


Technical Details

Data Version: 5.1
Assigner Short Name: AHA
Date Reserved: 2025-04-15T20:41:31.524Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68d63a3cd03b6389fc3d0de1

Added to database: 9/26/2025, 7:01:16 AM

Last enriched: 10/11/2025, 12:44:56 AM

Last updated: 11/9/2025, 7:32:18 AM
