CVE-2025-7020 – BYD DiLink 3.0 OS IVI Unit Log Dump Encryption Bypass

August 9, 2025

CVE ID : CVE-2025-7020

Published : Aug. 9, 2025, 1:15 p.m. | 10 hours, 25 minutes ago

Description : An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD’s DiLink 3.0 OS (e.g. in the model ATTO3). An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-Vehicle Infotainment (IVI) unit’s storage. This allows the attacker to access and read system logs containing sensitive data, including personally identifiable information (PII) and location data.

This vulnerability was introduced in a patch intended to fix CVE-2024-54728.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7726 – WordPress The7 Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-8752 – Wangzhixuan Spring-Shiro-Training Command Injection Vulnerability

Highlights

CVE-2025-20297 – Splunk Cross-Site Scripting (XSS)

June 2, 2025

CVE ID : CVE-2025-20297

Published : June 2, 2025, 6:15 p.m. | 1 hour, 9 minutes ago

Description : In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-7020 – BYD DiLink 3.0 OS IVI Unit Log Dump Encryption Bypass

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

CVE-2024-51980 – Apache HTTP Server SSRF Vulnerability

I’ve listed Minecraft’s best and worst moments from the last 16 years

CVE-2025-30315 – Adobe Connect Stored XSS Vulnerability

Learn Object-Oriented Programming in TypeScript

CVE-2025-20297 – Splunk Cross-Site Scripting (XSS)

Microsoft Edge’s settings menu is now so big it can’t fit on a single screen

Filament: Calculate/Show Age Based on Birth Date Field

CVE-2025-47271 – GitHub OZI Action Command Injection

CVE-2025-7020 – BYD DiLink 3.0 OS IVI Unit Log Dump Encryption Bypass

Related Posts