{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-67133", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-14T14:07:23.904Z", "dateReserved": "2025-12-08T00:00:00.000Z", "datePublished": "2026-01-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T14:07:23.904Z"}, "descriptions": [{"lang": "en", "value": "An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service via the BLE component"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://threadpoolx.gitbook.io/docs/cve/cve-2025-67133-denial-of-service-via-unauthenticated-ble-connection"}, {"url": "https://www.vidaworld.com/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-09T16:20:14.082255Z", "id": "CVE-2025-67133", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-09T16:20:43.180Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-67133", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-09T16:20:14.082255Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-09T16:20:37.708Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://threadpoolx.gitbook.io/docs/cve/cve-2025-67133-denial-of-service-via-unauthenticated-ble-connection"}, {"url": "https://www.vidaworld.com/"}], "descriptions": [{"lang": "en", "value": "An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service via the BLE component"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T14:07:23.904Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67133", "state": "PUBLISHED", "dateUpdated": "2026-04-14T14:07:23.904Z", "dateReserved": "2025-12-08T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-01-09T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:heromotocorp:vida_v1_pro_firmware:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "0E0A978F-CFCC-42C0-9B25-448FE52BACBD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:heromotocorp:vida_v1_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "B76066CE-A89C-4FA0-B885-9CE573A8224F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service via the BLE component"}, {"lang": "es", "value": "Un problema en Hero Motocorp Vida V1 Pro 2.0.7 permite a un atacante local causar una denegaci\u00f3n de servicio a trav\u00e9s del componente BLE."}], "id": "CVE-2025-67133", "lastModified": "2026-04-14T15:16:24.943", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-09T16:16:07.037", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://threadpoolx.gitbook.io/docs/cve/cve-2025-67133-denial-of-service-via-unauthenticated-ble-connection"}, {"source": "cve@mitre.org", "url": "https://www.vidaworld.com/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T15:59:18.401491+00:00", "value": {"mitigation_remediation": ["Update the Vida V1 Pro firmware to the latest version released by Hero Motocorp that includes a fix for CVE-2025-67133.", "If an immediate firmware update is unavailable, disable or block the BLE interface on the motorcycle to prevent unauthorized connections.", "Monitor BLE traffic for anomalous packets or repeated connection attempts, and log any failures to trigger a security alert."], "summary": {"action": "Patch Immediately", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Hero Motocorp\u2019s Vida V1 Pro single\u2011seat electric motorcycle running firmware version 2.0.7. No additional products or versions are listed, so the impact is limited to units identified with that specific firmware revision.", "description_and_impact": "An issue in Hero Motocorp Vida V1 Pro firmware 2.0.7 allows a local attacker to trigger a denial of service by exploiting the BLE component. The flaw leads to resource exhaustion or a crash that renders the device inoperable, preventing normal operation until it is reset or re\u2011started. The weakness is a classic input/resource exhaustion problem, identified as CWE-400.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity, but the EPSS score of less than 1% suggests a very low probability of widespread exploitation at present. The vulnerability is not listed in CISA\u2019s KEV catalog. The likely attack vector is local, requiring proximity to the motorcycle and the ability to initiate unauthenticated BLE connections. An attacker could exploit the flaw by sending crafted BLE packets that cause the device to freeze or crash, forcing a denial of service."}}}}, "created": "2026-04-20T16:00:10.650542+00:00", "title": "Denial of Service via Unauthenticated BLE Connection", "updated": "2026-04-20T16:00:10.650553+00:00", "vendors": []}