What is CVE-2025-32059?

CVE-2025-32059 is a high-severity vulnerability in Bosch Infotainment System Ecu, classified under Stack-based Buffer Overflow. CVSS score: 8.8/10. Published 2026-02-15.

How severe is CVE-2025-32059?

High severity. CVSS v3 base score is 8.8 out of 10.

Buffer overflow in Bosch Infotainment System Ecu

CVE-2025-32059

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-ba…

Vulnerability class: Buffer Overflow

EPSS: 0.002 (44.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Bosch Infotainment System Ecu — versions 283C30861E

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

References

www.nissan.co.uk/vehicles/new-vehicles/leaf.html (product)
i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf (media-coverage)
pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-… (third-party-advisory)

Frequently asked questions

What is CVE-2025-32059?: CVE-2025-32059 is a high-severity vulnerability in Bosch Infotainment System Ecu, classified under Stack-based Buffer Overflow. CVSS score: 8.8/10. Published 2026-02-15.
How severe is CVE-2025-32059?: High severity. CVSS v3 base score is 8.8 out of 10.