What is CVE-2025-32056?

CVE-2025-32056 is a medium-severity vulnerability in Bosch Infotainment System Ecu, classified under CWE-1241. CVSS score: 4.0/10. Published 2026-01-22.

How severe is CVE-2025-32056?

Medium severity. CVSS v3 base score is 4.0 out of 10.

Vulnerability in Bosch Infotainment System Ecu

CVE-2025-32056

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values…

EPSS: 0.000 (1.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.0 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N.

Affected products

Bosch Infotainment System Ecu — versions 283C30861E

Weakness classification (CWE)

CWE-1241

References

www.nissan.co.uk/vehicles/new-vehicles/leaf.html (product)
i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf (media-coverage)
pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-… (technical-description)

Frequently asked questions

What is CVE-2025-32056?: CVE-2025-32056 is a medium-severity vulnerability in Bosch Infotainment System Ecu, classified under CWE-1241. CVSS score: 4.0/10. Published 2026-01-22.
How severe is CVE-2025-32056?: Medium severity. CVSS v3 base score is 4.0 out of 10.