CVE-2025-32058
📋 TL;DR
This vulnerability allows an attacker with code execution on the infotainment system's main processor to execute arbitrary code on the RH850 CAN communication module, enabling them to send malicious CAN bus messages. This affects Nissan Leaf ZE1 vehicles manufactured in 2020 with Bosch infotainment systems. The vulnerability could allow vehicle control manipulation through the CAN bus.
💻 Affected Systems
- Nissan Leaf ZE1 infotainment system manufactured by Bosch
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete vehicle compromise, allowing a remote attacker to control critical systems such as braking, steering, or acceleration through malicious CAN messages, potentially causing accidents or vehicle theft.
Likely Case
The attacker gains the ability to send arbitrary CAN messages, potentially enabling unauthorized access to vehicle systems, disabling safety features, or extracting sensitive data from vehicle networks.
If Mitigated
With proper network segmentation and access controls, impact is limited to the infotainment system, preventing CAN bus access and preserving the integrity of vehicle safety systems.
🎯 Exploit Status
Exploitation requires initial access to the infotainment system, then leverages a protocol vulnerability in RH850 communication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html
Restart Required: Yes
Instructions:
Contact Nissan dealership for vehicle software updates. No self-patching available.
🔧 Temporary Workarounds
Disable vulnerable interfaces
Disable or restrict access to infotainment system interfaces that could provide initial code execution.
Network segmentation
Implement strict network segmentation between the infotainment system and critical vehicle CAN networks.
🧯 If You Can't Patch
- Implement physical access controls to prevent unauthorized access to vehicle diagnostic ports
- Monitor for unusual CAN bus traffic patterns and implement intrusion detection for vehicle networks
🔍 How to Verify
Check if Vulnerable:
Check vehicle VIN and manufacturing date (2020 Nissan Leaf ZE1). Consult Nissan dealership for specific vehicle software version checks.
Check Version:
No command available - requires dealership diagnostic tools
Verify Fix Applied:
Verify with Nissan dealership that vehicle has received latest software updates addressing the vulnerability.
📡 Detection & Monitoring
Log Indicators:
- Unusual CAN message patterns
- Unexpected protocol requests to RH850 module
- Infotainment system compromise indicators
Network Indicators:
- Malformed INC protocol packets
- Unauthorized CAN bus message injection
- Suspicious infotainment system network traffic
SIEM Query:
Not applicable - requires specialized automotive network monitoring