Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Nissan Infotainment System Bluetooth Security Risk: Remote Code Execution
CVE-2025-32059
Summary
The Nissan Infotainment System's Bluetooth connection is vulnerable to a security risk that could allow an attacker to take control of the system with complete access. This could happen if a hacker sends a specially crafted message to the system. Nissan Leaf owners should be aware of this risk and consider taking steps to update their system.
Original title
The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-sup...
Original description
The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.
First identified on Nissan Leaf ZE1 manufactured in 2020.
First identified on Nissan Leaf ZE1 manufactured in 2020.
nvd CVSS3.1
8.8
Vulnerability type
CWE-121
Stack-based Buffer Overflow
Published: 15 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026