Bluetooth Stack Vulnerability in MIB3 Infotainment System by Skoda
CVE-2023-28910

8HIGH

Key Information:

Vendor: Preh Car Connect Gmbh (joynext Gmbh)
Status: Volkswagen Mib3 Infotainment System Mib3 Oi MQb
Vendor: CVE Published:; 28 June 2025

🔔 Create Preh Car Connect Gmbh (joynext Gmbh) Vulnerability Alert

What is CVE-2023-28910?

A vulnerability exists in the Bluetooth stack of the MIB3 infotainment system, specifically in Skoda vehicles. This flaw arises from a disabled abortion flag, which leads to the bypassing of critical assertion functions. As a result, malicious actors could potentially exploit this weakness to compromise vehicle security and functionality. The vulnerability affects multiple OEM part numbers of the MIB3 infotainment system, and specific details as well as impacted models can be found in related security advisories.

Affected Version(s)

Volkswagen MIB3 infotainment system MIB3 OI MQB 0 <= 0304

References

https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishc...

https://pcacybersecurity.com/resources/advisory/vulnerabi...

technical-description

https://asrg.io/security-advisories/vulnerabilities-in-vo...

third-party-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2025
Vulnerability Reserved
Mar 27, 2023

Credit

Mikhail Evdokimov from PCA Cyber Security (PCAutomotive)