Critical keyless entry vulnerability exposes KIA vehicles in Ecuador to theft
Take action: If you have a Kia car in Ecuador, reach out to the distributor for remediation or, possibly, to have the keyless system disabled. Better to unlock manually than to have your car stolen. If you are building security systems, don't go for the cheap solution that's been obsolete for decades. It's obsolete because it was breached. That applies both to physical devices and to software and algorithms.
A critical security vulnerability has been uncovered in keyless entry systems in KIA vehicles across Ecuador, exposing thousands of cars to risk of theft.
The vulnerability, tracked as CVE-2025-6029 (CVSS score 9.4), was discovered by Danilo Erazo, who identified weaknesses in the keyless entry systems homologated and distributed by KIA Ecuador. It centers on the use of outdated "learning code" technology in aftermarket key fobs for models including the Kia Soluto, Rio, and Picanto from 2022 to 2025.
These key fobs are not original equipment manufacturer (OEM) parts but are homologated by KIA Ecuador, giving them the appearance of official factory components.
The vulnerability stems from KIA Ecuador's continued use of insecure fixed code technology instead of industry-standard rolling code systems. Unlike modern rolling code systems, which change the unlock code with every use to prevent cloning, learning code key fobs transmit a fixed code each time they are used. This design flaw has been considered obsolete since the mid-1990s, when rolling code technology became the automotive industry standard for keyless entry security.
Two vulnerable chips were deployed. KIA Ecuador vehicles from 2022 and early 2023 utilize the HS2240 chip, while models from 2024 and 2025 employ the EV1527 chip, both of which rely on the same insecure learning code technology. These chips support approximately one million possible fixed code combinations.
Attackers have several options, such as cloning the signal for unlimited unauthorized access or brute-forcing the fixed code combinations.
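The difference between the two designs is easiest to see on the receiver side. The following is an added example, not code from the researcher or from any vendor: it compares a fixed-code check with a counter-based rolling-code check. The 20-bit code width, the HMAC construction, the window size and all values are assumptions made for illustration and do not describe the HS2240, the EV1527 or any production rolling-code protocol.

```python
import hashlib
import hmac

CODE_BITS = 20  # assumption: 2**20 = 1,048,576, i.e. "approximately one million"

def tag(key, counter):
    """Truncated HMAC over the press counter (illustrative construction)."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

class FixedCodeReceiver:
    """Learning code: the receiver stores one value and compares every frame to it."""
    def __init__(self, learned_code):
        self.learned_code = learned_code
    def accept(self, frame):
        return frame == self.learned_code  # no freshness: any copy is valid forever

class RollingCodeFob:
    def __init__(self, key):
        self.key, self.counter = key, 0
    def press(self):
        self.counter += 1
        return self.counter, tag(self.key, self.counter)

class RollingCodeReceiver:
    WINDOW = 16  # tolerate presses made while the car was out of range
    def __init__(self, key):
        self.key, self.last = key, 0
    def accept(self, frame):
        counter, mac = frame
        if not self.last < counter <= self.last + self.WINDOW:
            return False  # already used (replay) or implausibly far ahead
        if not hmac.compare_digest(mac, tag(self.key, counter)):
            return False  # not produced with the shared key
        self.last = counter  # every counter value is accepted at most once
        return True

def demo():
    code = 0x5A5A5  # constructed 20-bit fixed code
    fixed = FixedCodeReceiver(code)
    key = b"constructed-demo-key"
    fob, rx = RollingCodeFob(key), RollingCodeReceiver(key)
    frame = fob.press()
    return {
        "fixed_first": fixed.accept(code),
        "fixed_repeat": fixed.accept(code),    # same frame seen again
        "rolling_first": rx.accept(frame),
        "rolling_repeat": rx.accept(frame),    # same frame seen again
        "rolling_next": rx.accept(fob.press()),
    }

if __name__ == "__main__":
    print(demo())
```

The fixed-code receiver has no state that changes between presses, so it cannot tell a fresh transmission from a stored copy; the rolling-code receiver advances its counter on every accepted frame and therefore rejects the repeat.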
The number of affected vehicles has not been specifically disclosed, though reports indicate that thousands of KIA vehicles across Ecuador are impacted. Despite being informed of the issue in May 2024, KIA Ecuador has yet to implement any remediation.