Description

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified on Nissan Leaf ZE1 manufactured in 2020.

INFO

Published Date :

2026-01-22T15:21:21.945Z

Last Modified :

2026-01-22T15:44:40.651Z

Source :

ASRG
AFFECTED PRODUCTS

The following products are affected by CVE-2025-32056 vulnerability.

Vendors Products
Bosch
  • Infotainment System Ecu
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-32056.

URL Resource
http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf cve-icon cve-icon
https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch cve-icon cve-icon
https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact