Privilege Escalation in MIB3 Infotainment Unit for Skoda and Volkswagen Vehicles
CVE-2023-29113

6.3MEDIUM

Key Information:

Vendor: Preh Car Connect Gmbh (joynext Gmbh)
Status: Volkswagen Mib3 Infotainment System Mib3 Oi MQb
Vendor: CVE Published:; 28 June 2025

🔔 Create Preh Car Connect Gmbh (joynext Gmbh) Vulnerability Alert

What is CVE-2023-29113?

The MIB3 infotainment units in specific Skoda and Volkswagen vehicles lack proper privilege separation in their inter-process communication system. This oversight allows an attacker with internal access to bypass operating system-level access controls, potentially compromising the integrity and security of the vehicle's systems. The vulnerability poses a significant risk as it can be exploited to manipulate vehicle functions or access sensitive data.

Affected Version(s)

Volkswagen MIB3 infotainment system MIB3 OI MQB 0 <= 0304

References

https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishc...

https://pcacybersecurity.com/resources/advisory/vulnerabi...

technical-description

https://asrg.io/security-advisories/vulnerabilities-in-vo...

third-party-advisory

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2025
Vulnerability Reserved
Mar 31, 2023

Credit

Artem Ivachev from PCA Cyber Security (PCAutomotive)