CVE-2025-32056 (GCVE-0-2025-32056)

Vulnerability from cvelistv5 – Published: 2026-01-22 15:21 – Updated: 2026-01-22 15:44
VLAI
Title
Anti-Theft Bypass for Infotainment ECU
Summary
The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified on Nissan Leaf ZE1 manufactured in 2020.
Severity
4 (Medium)
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1241 - Use of Predictable Algorithm in Random Number Generator
Assigner
References
Impacted products
Vendor Product Version
Bosch Infotainment system ECU Affected: 283C30861E (283C30861E)
Create a notification for this product.
Credits
Polina Smirnova (PCA Cyber Security Assessment Team)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32056",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-22T15:44:24.806159Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-22T15:44:40.651Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Infotainment system ECU",
          "vendor": "Bosch",
          "versions": [
            {
              "status": "affected",
              "version": "283C30861E",
              "versionType": "283C30861E"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:bosch:infotainment_system_ecu:283c30861e:*:linux:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Polina Smirnova (PCA Cyber Security Assessment Team)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection.\u003cbr\u003e\u003cbr\u003eFirst identified on \u003cspan style=\"background-color: var(--wht);\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection.\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1241",
              "description": "CWE-1241: Use of Predictable Algorithm in Random Number Generator",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-22T15:21:21.945Z",
        "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "shortName": "ASRG"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
        },
        {
          "tags": [
            "media-coverage"
          ],
          "url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Anti-Theft Bypass for Infotainment ECU",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
    "assignerShortName": "ASRG",
    "cveId": "CVE-2025-32056",
    "datePublished": "2026-01-22T15:21:21.945Z",
    "dateReserved": "2025-04-03T15:32:43.280Z",
    "dateUpdated": "2026-01-22T15:44:40.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-32056",
      "date": "2026-06-30",
      "epss": "0.00318",
      "percentile": "0.23535"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-32056\",\"sourceIdentifier\":\"cve@asrg.io\",\"published\":\"2026-01-22T16:16:06.720\",\"lastModified\":\"2026-06-17T09:11:22.957\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection.\\n\\nFirst identified on Nissan Leaf ZE1 manufactured in 2020.\"},{\"lang\":\"es\",\"value\":\"El mecanismo de protecci\u00f3n antirrobo puede ser eludido por atacantes debido a algoritmos d\u00e9biles de generaci\u00f3n de respuestas para la unidad principal. Es posible revelar las 32 respuestas correspondientes mediante la captura del tr\u00e1fico CAN o precalculando los valores, lo que permite eludir la protecci\u00f3n.\\n\\nIdentificado por primera vez en el Nissan Leaf ZE1 fabricado en 2020.\"}],\"affected\":[{\"source\":\"cve@asrg.io\",\"affectedData\":[{\"vendor\":\"Bosch\",\"product\":\"Infotainment system ECU\",\"defaultStatus\":\"unaffected\",\"platforms\":[\"Linux\"],\"versions\":[{\"version\":\"283C30861E\",\"versionType\":\"283C30861E\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@asrg.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":2.7}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-22T15:44:24.806159Z\",\"id\":\"CVE-2025-32056\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"cve@asrg.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1241\"}]}],\"references\":[{\"url\":\"http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf\",\"source\":\"cve@asrg.io\"},{\"url\":\"https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch\",\"source\":\"cve@asrg.io\"},{\"url\":\"https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html\",\"source\":\"cve@asrg.io\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-32056\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-22T15:44:24.806159Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-22T15:44:33.504Z\"}}], \"cna\": {\"title\": \"Anti-Theft Bypass for Infotainment ECU\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Polina Smirnova (PCA Cyber Security Assessment Team)\"}], \"impacts\": [{\"capecId\": \"CAPEC-115\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-115 Authentication Bypass\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 4, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Bosch\", \"product\": \"Infotainment system ECU\", \"versions\": [{\"status\": \"affected\", \"version\": \"283C30861E\", \"versionType\": \"283C30861E\"}], \"platforms\": [\"Linux\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html\", \"tags\": [\"product\"]}, {\"url\": \"http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf\", \"tags\": [\"media-coverage\"]}, {\"url\": \"https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch\", \"tags\": [\"technical-description\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection.\\n\\nFirst identified on Nissan Leaf ZE1 manufactured in 2020.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection.\u003cbr\u003e\u003cbr\u003eFirst identified on \u003cspan style=\\\"background-color: var(--wht);\\\"\u003eNissan Leaf ZE1 manufactured in 2020.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1241\", \"description\": \"CWE-1241: Use of Predictable Algorithm in Random Number Generator\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:bosch:infotainment_system_ecu:283c30861e:*:linux:*:*:*:*:*\", \"vulnerable\": true}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"c15abc07-96a9-4d11-a503-5d621bfe42ba\", \"shortName\": \"ASRG\", \"dateUpdated\": \"2026-01-22T15:21:21.945Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-32056\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-22T15:44:40.651Z\", \"dateReserved\": \"2025-04-03T15:32:43.280Z\", \"assignerOrgId\": \"c15abc07-96a9-4d11-a503-5d621bfe42ba\", \"datePublished\": \"2026-01-22T15:21:21.945Z\", \"assignerShortName\": \"ASRG\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.