CVE-2025-32056

medium

Description

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified on Nissan Leaf ZE1 manufactured in 2020.

References

https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html

https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch

http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf

Details

Source: Mitre, NVD

Published: 2026-01-22

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N

Severity: Low

CVSS v3

Base Score: 4

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00009