Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Nissan Leaf Infotainment System Allows Remote Code Execution
CVE-2025-32061
Summary
The Infotainment system in some Nissan Leaf vehicles can be hacked remotely, potentially allowing an attacker to take control of the vehicle's computer system with complete access. This is due to a flaw in the way the system handles data from Bluetooth connections. Nissan Leaf owners should check with the manufacturer for any available updates or patches to address this issue.
Original title
The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-sup...
Original description
The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.
First identified on Nissan Leaf ZE1 manufactured in 2020.
First identified on Nissan Leaf ZE1 manufactured in 2020.
nvd CVSS3.1
8.8
Vulnerability type
CWE-121
Stack-based Buffer Overflow
Published: 15 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026