CVE-2025-32063

{"id": "CVE-2025-32063", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@asrg.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2026-02-15T11:15:54.443", "references": [{"url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf", "source": "cve@asrg.io"}, {"url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch", "source": "cve@asrg.io"}, {"url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html", "source": "cve@asrg.io"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve@asrg.io", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."}, {"lang": "es", "value": "Hay una vulnerabilidad de configuraci\u00f3n err\u00f3nea dentro de la ECU de infoentretenimiento fabricada por BOSCH. La vulnerabilidad se produce durante la fase de inicio de un servicio systemd espec\u00edfico y, como resultado, se activar\u00e1n las siguientes funciones de desarrollador: el cortafuegos deshabilitado y el servidor SSH iniciado.\n\nIdentificada por primera vez en el Nissan Leaf ZE1 fabricado en 2020."}], "lastModified": "2026-02-18T17:52:22.253", "sourceIdentifier": "cve@asrg.io"}