Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Nissan Leaf Infotainment System Can Be Hacked Remotely
CVE-2025-32062
Summary
The Nissan Leaf's infotainment system, made by Bosch and containing a Bluetooth stack from Alps Alpine, has a security weakness. An attacker could send a special message to the system, potentially allowing them to take control of it. Nissan Leaf owners should be aware of this risk and take steps to protect their vehicle, such as keeping the system updated with the latest security patches.
Original title
The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-sup...
Original description
The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.
First identified on Nissan Leaf ZE1 manufactured in 2020.
First identified on Nissan Leaf ZE1 manufactured in 2020.
nvd CVSS3.1
8.8
Vulnerability type
CWE-121
Stack-based Buffer Overflow
Published: 15 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026