Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-32060
PUBLISHED
More InfoOfficial Page
Assigner-ASRG
Assigner Org ID-c15abc07-96a9-4d11-a503-5d621bfe42ba
View Known Exploited Vulnerability (KEV) details
Published At-15 Feb, 2026 | 10:46
Updated At-15 Feb, 2026 | 10:46
Rejected At-
▼CVE Numbering Authority (CNA)
Absence of Kernel Module Signature Verification on Linux System of Infotainment ECU

The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able to load custom kernel modules to the kernel space and execute code in the kernel context. Such a flaw can lead to taking control over the entire system. First identified on Nissan Leaf ZE1 manufactured in 2020.

Affected Products
Vendor
Robert Bosch GmbHBosch
Product
Infotainment system ECU
Platforms
  • Linux
Default Status
unaffected
Versions
Affected
  • 283C30861E
Problem Types
TypeCWE IDDescription
CWECWE-347CWE-347: Improper Verification of Cryptographic Signature
Type: CWE
CWE ID: CWE-347
Description: CWE-347: Improper Verification of Cryptographic Signature
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-115CAPEC-115 Authentication Bypass
CAPEC ID: CAPEC-115
Description: CAPEC-115 Authentication Bypass
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Mikhail Evdokimov (PCA Cyber Security Assessment Team)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html
product
http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf
media-coverage
https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch
third-party-advisory
Hyperlink: https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html
Resource:
product
Hyperlink: http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf
Resource:
media-coverage
Hyperlink: https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch
Resource:
third-party-advisory
Details not found