CVE-2025-32057

Description

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate. First identified on Nissan Leaf ZE1 manufactured in 2020.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Nissan Leaf ZE1 2020款 Infotainment ECU固件（使用Redbend OTA服务）

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

无

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-32057
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-32057
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-32057/
[4] VulDB https://vuldb.com/cve/CVE-2025-32057
[5] http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf
[6] https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch
[7] https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-32057", "sourceIdentifier": "[email protected]", "published": "2026-01-22T16:16:06.890", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."}, {"lang": "es", "value": "La ECU de infoentretenimiento fabricada por Bosch que está instalada en el Nissan Leaf ZE1 – 2020 utiliza un servicio de Redbend para aprovisionamiento y actualizaciones por aire. Se utiliza HTTPS para la comunicación con el servidor de backend. Debido al uso de la configuración predeterminada para el motor SSL subyacente, el certificado raíz del servidor no se verifica. Como resultado, un atacante podría suplantar un servidor de backend de Redbend utilizando un certificado autofirmado.\n\nIdentificado por primera vez en el Nissan Leaf ZE1 fabricado en 2020."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-295"}]}], "references": [{"url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf", "source": "[email protected]"}, {"url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch", "source": "[email protected]"}, {"url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html", "source": "[email protected]"}]}}