Security Flaw in Infotainment System of Nissan Leaf ZE1 by Bosch
CVE-2025-32057

6.5MEDIUM

Key Information:

Vendor

Bosch
Status
Infotainment System Ecu
Vendor
CVE Published:
22 January 2026

What is CVE-2025-32057?

The Infotainment ECU developed by Bosch for the Nissan Leaf ZE1 – 2020 is susceptible to a security vulnerability arising from its reliance on the Redbend service for over-the-air updates. This vulnerability stems from the default SSL engine configuration that fails to properly verify the server root certificate. Consequently, this allows potential attackers to impersonate a Redbend backend server through self-signed certificates, posing a significant risk to data integrity and vehicle security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Infotainment system ECU Linux 283C30861E

References

https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html
product
http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Ex...
media-coverage
https://pcacybersecurity.com/resources/advisory/vulnerabi...
third-party-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Radu Motspan (PCA Cyber Security Assessment Team)
JSON
.