Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.8
BOSCH Infotainment ECU Misconfigures Firewall and SSH Server
CVE-2025-32063
Summary
A misconfiguration in BOSCH's Infotainment ECU can allow unauthorized access to a vehicle's internal systems. This is particularly concerning for owners of Nissan Leaf ZE1 models from 2020, as it may leave them exposed to potential security threats. To mitigate this risk, affected vehicle owners should have their Infotainment ECU updated by a certified technician.
Original title
There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the f...
Original description
There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the launched SSH server.
First identified on Nissan Leaf ZE1 manufactured in 2020.
First identified on Nissan Leaf ZE1 manufactured in 2020.
nvd CVSS3.1
6.8
Vulnerability type
CWE-306
Missing Authentication for Critical Function
Published: 15 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026