9.3
Bosch Infotainment ECU allows attackers to send malicious car messages
CVE-2025-32058
Summary
A security flaw in some Infotainment ECUs made by Bosch allows an attacker who already has code execution on the infotainment main SoC to execute code on the RH850 module that handles CAN communication, and from there to send arbitrary CAN messages to other car systems on the connected CAN bus. This issue affects some 2020 Nissan Leaf ZE1 models. To protect your vehicle, check for software updates from your manufacturer and keep your infotainment system updated.
Original title
The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability d...
Original description
The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an attacker with code execution on the infotainment main SoC to perform code execution on the RH850 module and subsequently send arbitrary CAN messages over the connected CAN bus.
First identified on Nissan Leaf ZE1 manufactured in 2020.
nvd CVSS3.1
9.3
Vulnerability type
CWE-121
Stack-based Buffer Overflow
Published: 15 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026