ByteOS Network

NVD Vulnerability Details :

CVE-2025-32058

Received

Source-cve@asrg.io

Published At-15 Feb, 2026 | 11:15

Updated At-15 Feb, 2026 | 11:15

The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an attacker with code execution on the infotainment main SoC to perform code execution on the RH850 module and subsequently send arbitrary CAN messages over the connected CAN bus. First identified on Nissan Leaf ZE1 manufactured in 2020.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	9.3	CRITICAL	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 9.3

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-121	Secondary	cve@asrg.io

CWE ID: CWE-121

Type: Secondary

Source: cve@asrg.io

References

Hyperlink	Source	Resource
http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf	cve@asrg.io	N/A
https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch	cve@asrg.io	N/A
https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html	cve@asrg.io	N/A

Hyperlink: http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf

Source: cve@asrg.io

Resource: N/A

Hyperlink: https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch

Source: cve@asrg.io

Resource: N/A

Hyperlink: https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html

Source: cve@asrg.io

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History