Description
An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service via the BLE component
Published: 2026-01-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Immediately
AI Analysis

Impact

An issue in Hero Motocorp Vida V1 Pro firmware 2.0.7 allows a local attacker to trigger a denial of service by exploiting the BLE component. The flaw leads to resource exhaustion or a crash that renders the device inoperable until it is reset or restarted. The weakness is a classic input/resource exhaustion problem, identified as CWE-400.

Affected Systems

The vulnerability affects Hero Motocorp’s Vida V1 Pro single‑seat electric motorcycle running firmware version 2.0.7. No additional products or versions are listed, so the impact is limited to units identified with that specific firmware revision.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity, but the EPSS score of less than 1% suggests a very low probability of widespread exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is local, requiring proximity to the motorcycle and the ability to initiate unauthenticated BLE connections. An attacker could exploit the flaw by sending crafted BLE packets that cause the device to freeze or crash, forcing a denial of service.

Generated by OpenCVE AI on April 20, 2026 at 15:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Vida V1 Pro firmware to the latest version released by Hero Motocorp that includes a fix for CVE-2025-67133.
  • If an immediate firmware update is unavailable, disable or block the BLE interface on the motorcycle to prevent unauthorized connections.
  • Monitor BLE traffic for anomalous packets or repeated connection attempts, and log any failures to trigger a security alert.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 16:15:00 +0000

Type | Values Removed | Values Added
Title | | Denial of Service via Unauthenticated BLE Connection

Tue, 14 Apr 2026 15:30:00 +0000

Type | Values Removed | Values Added
References | |

Tue, 14 Apr 2026 14:30:00 +0000

Type | Values Removed | Values Added
References | |

Tue, 10 Feb 2026 20:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Heromotocorp; Heromotocorp vida V1 Pro; Heromotocorp vida V1 Pro Firmware
CPEs | | cpe:2.3:h:heromotocorp:vida_v1_pro:-:*:*:*:*:*:*:*
 | | cpe:2.3:o:heromotocorp:vida_v1_pro_firmware:2.0.7:*:*:*:*:*:*:*
Vendors & Products | | Heromotocorp; Heromotocorp vida V1 Pro; Heromotocorp vida V1 Pro Firmware

Fri, 09 Jan 2026 17:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-400
Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
 | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 09 Jan 2026 15:45:00 +0000

Type | Values Removed | Values Added
Description | | An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service via the BLE component
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T14:07:23.904Z

Reserved: 2025-12-08T00:00:00.000Z

Link: CVE-2025-67133

Vulnrichment

Updated: 2026-01-09T16:20:37.708Z

NVD

Status: Modified

Published: 2026-01-09T16:16:07.037

Modified: 2026-04-14T15:16:24.943

Link: CVE-2025-67133

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T16:00:10Z

Weaknesses