Description

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate. First identified on Nissan Leaf ZE1 manufactured in 2020.

INFO

Published Date :

2026-01-22T15:22:21.626Z

Last Modified :

2026-01-22T15:43:11.681Z

Source :

ASRG
AFFECTED PRODUCTS

The following products are affected by CVE-2025-32057 vulnerability.

Vendors Products
Bosch
  • Infotainment System Ecu
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-32057.

URL Resource
http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf cve-icon cve-icon
https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch cve-icon cve-icon
https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact