Critical vulnerabilities have been discovered in Kia’s dealer portal, potentially exposing millions of vehicles to remote hijacking. These vulnerabilities could allow attackers to remotely control vital car functions, steal personal information of car owners, and even add themselves as hidden users on the vehicles. The flaws arise from the improper handling of user authentication and authorization in the dealer portal, allowing attackers to bypass security measures and gain unauthorized access. Attackers can exploit these vulnerabilities to take control of vehicles, access sensitive information, and potentially even cause physical harm, posing a significant threat to the safety and security of Kia owners. Urgent patching is recommended for all Kia vehicles and their associated dealer systems to mitigate these critical vulnerabilities.