CVE-2026-49325— Indian Scout Bobber 2025 WCM voltage-based shutdown
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Indian Motorcycle (Polaris Inc.) | Scout Bobber + Tech | 2025 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-49325
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Indian Scout Bobber 2025 WCM voltage-based shutdown
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Module (WCM) wiring harness to bypass the anti-theft shutdown. The WCM signals shutdown to a peer ECU via a falling-edge voltage transition on a dedicated wire pair. The receiving ECU does not distinguish between an active shutdown pulse and an open-circuit / disconnected condition; interrupting the relevant wires leaves the motorcycle fully operable even though the WCM never validated the rider's PIN. Specific connector details have been withheld pending vendor remediation.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1384
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Indian Motorcycle (Polaris Inc.) | Scout Bobber + Tech | 2025 | - |
II. Public POCs for CVE-2026-49325
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-49325
请登录查看更多情报信息。
News Coverage for CVE-2026-49325 (1)
Same Patch Batch · Indian Motorcycle (Polaris Inc.) · 2026-05-29 · 7 CVEs total
| CVE-2026-49324 | 4.6 MEDIUM | Indian Scout Bobber 2025 WCM brute-force |
| CVE-2026-49316 | 4.6 MEDIUM | Indian Scout Bobber 2025 WCM CAN bus-off attack silently bypasses anti-theft shutdown |
| CVE-2026-49322 | 4.3 MEDIUM | Indian Scout Bobber 2025 Infotainment-to-WCM weak authentication allows recovery of user P |
| CVE-2026-49323 | 4.3 MEDIUM | Indian Scout Bobber 2025 WCM-to-ECM weak authentication |
| CVE-2026-49317 | 2.4 LOW | Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at |
| CVE-2026-49318 | 2.4 LOW | Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at |
IV. Related Vulnerabilities
Same product: Scout Bobber + Tech
- CVE-2026-49318
Indian Scout Bobber 2025 Infotainment Digital Round skips PI - CVE-2026-49317
Indian Scout Bobber 2025 Infotainment Digital Round skips PI - CVE-2026-49316
Indian Scout Bobber 2025 WCM CAN bus-off attack silently byp - CVE-2026-49324
Indian Scout Bobber 2025 WCM brute-force - CVE-2026-49323
Indian Scout Bobber 2025 WCM-to-ECM weak authentication
Same vendor: Indian Motorcycle (Polaris Inc.)
- CVE-2026-49318
Indian Scout Bobber 2025 Infotainment Digital Round skips PI - CVE-2026-49317
Indian Scout Bobber 2025 Infotainment Digital Round skips PI - CVE-2026-49316
Indian Scout Bobber 2025 WCM CAN bus-off attack silently byp - CVE-2026-49324
Indian Scout Bobber 2025 WCM brute-force - CVE-2026-49323
Indian Scout Bobber 2025 WCM-to-ECM weak authentication
V. Comments for CVE-2026-49325
No comments yet