### [CVE-2025-60017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60017)
![](https://img.shields.io/static/v1?label=Product&message=B2&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=G1&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Go2&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=H1&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brightgreen)

### Description

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta).

### POC

#### Reference
- https://github.com/Bin4ry/UniPwn
- https://spectrum.ieee.org/unitree-robot-exploit

#### Github
- https://github.com/Bin4ry/UniPwn