CVE-2025-56448

medium

Description

The Positron PX360BT SW REV 8 car alarm system is vulnerable to a replay attack due to a failure in implementing rolling code security. The alarm system does not properly rotate or invalidate used codes, allowing repeated reuse of captured transmissions. This exposes users to significant security risks, including vehicle theft and loss of trust in the alarm's anti-cloning claims.

References

https://positron.com.br/blog/positron-lanca-alarme-px360bt-starter/

https://medium.com/@wagneralves_87750/cve-2025-56448-replay-attack-vulnerability-in-positron-px360bt-car-alarm-system-c9f1ccea6ebe

Details

Source: Mitre, NVD

Published: 2025-09-15

Updated: 2025-10-14

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 6.8

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.00018