Command Injection Vulnerability in Tesla Model S Iris Modem
CVE-2024-6032

7.8HIGH

Key Information:

Vendor: Tesla
Status: Model S
Vendor: CVE Published:; 30 April 2025

What is CVE-2024-6032?

A command injection vulnerability exists in the Iris Modem of the Tesla Model S, which allows local attackers to execute arbitrary code. The flaw arises from inadequate validation of user-supplied input before it is used in system calls, enabling an attacker to execute code with root privileges on the modem. This vulnerability necessitates that an attacker first gains the capability to run code on the target system, paving the way for further exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Model S 2023.44.29 with the AG525RGLAAR01A16M4G_OCPU_02.003.10.003 connectivity card

References

https://www.zerodayinitiative.com/advisories/ZDI-25-264/

x_research-advisory

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 30, 2025
Vulnerability Reserved
Jun 14, 2024

JSON

Tesla

What is CVE-2024-6032?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.0

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.