CVE-2025-7020 – BYD DiLink 3.0 OS IVI Unit Log Dump Encryption Bypass

CVE ID : CVE-2025-7020

Published : Aug. 9, 2025, 1:15 p.m. | 18 minutes ago

Description : An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD’s DiLink 3.0 OS (e.g. in the model ATTO3). An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-Vehicle Infotainment (IVI) unit’s storage. This allows the attacker to access and read system logs containing sensitive data, including personally identifiable information (PII) and location data.

This vulnerability was introduced in a patch intended to fix CVE-2024-54728.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…