{"uuid": "a43fd67f-2a06-4a08-a857-a370db5932da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2082", "type": "published-proof-of-concept", "source": "https://t.me/bigbtother/267", "content": "\u2764\ufe0f Running code on Tesla security ECU from tire: dlDetails on new CVE-2025-2082 vulnerability.\n\nSecurity researchers Thomas Imbert, Vincent Dehors, and David B\u00e9rard found and responsibly disclosed recently a remote code execution (RCE) vulnerability in Tesla's VCSEC ECU.\n\nTechnical overview: By manipulating the response sent from the Tire Pressure Monitoring System (TPMS), an attacker can trigger an integer overflow and execute code in the context of the VCSEC module. This gives the attacker the ability to send arbitrary messages to the vehicle's CAN bus.\n\nMore details: \"0-click RCE on Tesla Model 3 through TPMS Sensors\" [PDF]:\nhttps://www.synacktiv.com/sites/default/files/2024-10/hexacon_0_click_rce_on_tesla_model_3_through_tpms_sensors_light.pdf\n\nAdvisory: https://www.zerodayinitiative.com/advisories/ZDI-25-265/\n\nUnder Pressure: Exploring a Zero-Click RCE Vulnerability in Tesla's TPMS:\nhttps://vicone.com/blog/under-pressure-exploring-a-zero-click-rce-vulnerability-in-teslas-tpms", "creation_timestamp": "2025-05-08T11:55:09.000000Z"}