FKIE_CVE-2025-32057

Vulnerability from fkie_nvd - Published: 2026-01-22 16:16 - Updated: 2026-04-15 00:35
Summary
The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate. First identified on Nissan Leaf ZE1 manufactured in 2020.

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 \u2013 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
    },
    {
      "lang": "es",
      "value": "La ECU de infoentretenimiento fabricada por Bosch que est\u00e1 instalada en el Nissan Leaf ZE1 \u2013 2020 utiliza un servicio de Redbend para aprovisionamiento y actualizaciones por aire. Se utiliza HTTPS para la comunicaci\u00f3n con el servidor de backend. Debido al uso de la configuraci\u00f3n predeterminada para el motor SSL subyacente, el certificado ra\u00edz del servidor no se verifica. Como resultado, un atacante podr\u00eda suplantar un servidor de backend de Redbend utilizando un certificado autofirmado.\n\nIdentificado por primera vez en el Nissan Leaf ZE1 fabricado en 2020."
    }
  ],
  "id": "CVE-2025-32057",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "cve@asrg.io",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-22T16:16:06.890",
  "references": [
    {
      "source": "cve@asrg.io",
      "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
    },
    {
      "source": "cve@asrg.io",
      "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
    },
    {
      "source": "cve@asrg.io",
      "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
    }
  ],
  "sourceIdentifier": "cve@asrg.io",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "cve@asrg.io",
      "type": "Secondary"
    }
  ]
}

