CVE-2025-32063

Summary

There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server.

First identified on Nissan Leaf ZE1 manufactured in 2020.

Affected Software

VendorProductVersion RangeStatus
BoschInfotainment system ECU283C30861Eaffected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References