Heap Buffer Overflow Vulnerability in Skoda MIB3 Infotainment Unit
CVE-2023-28905
8 HIGH
Key Information:
- Vendor
- CVE Published: 28 June 2025
What is CVE-2023-28905?
A vulnerability in the image processing binary of the MIB3 infotainment unit in Skoda vehicles can lead to a heap buffer overflow. This potentially allows attackers to execute arbitrary code within the system, posing a significant security risk. Initially identified in the Skoda Superb III with OEM part number 3V0035820, additional affected part numbers can be found in related resources. Given the integration of infotainment systems in modern vehicles, timely remediation is crucial to safeguard against possible exploits.
Affected Version(s)
Volkswagen MIB3 infotainment system MIB3 OI MQB 0 <= 0304
CVSS V3.1
- Score: 8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Artem Ivachev from PCA Cyber Security (PCAutomotive)