Home / Vulnerability Intelligence / CVE-2025-32058

CVE-2025-32058 - Vulnerability Analysis

CriticalCVSS: 9.3

Last Updated: February 15, 2026

Bosch Infotainment ECU - Remote Code Execution

Published: February 15, 2026Updated: February 15, 2026

Overview

Bosch Infotainment ECU with RH850 module contains a remote code execution vulnerability caused by improper processing of custom INC protocol requests, letting attackers with code execution on infotainment SoC execute code on RH850 and send arbitrary CAN messages.

Severity & Score

Severity: Critical

CVSS Score: 9.3

Impact

Attackers with code execution on infotainment SoC can execute code on RH850 and send arbitrary CAN messages, potentially compromising vehicle control systems.

Mitigation

Update to the latest version with fixed INC protocol processing.

References

https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch
https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html
http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-32058
Severity: Critical
CVSS Score: 9.3
Type: undefined
Status: new

CWE

CWE-121

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H