Buffer Overflow Vulnerability in Bosch's Infotainment ECU Affected by Alps Alpine Bluetooth Stack
CVE-2025-32059

8.8HIGH

Key Information:

Vendor

Bosch
Status
Infotainment System Ecu
Vendor
CVE Published:
15 February 2026

What is CVE-2025-32059?

A significant vulnerability has been identified in the Bluetooth stack of the Infotainment ECU developed by Alps Alpine, used in Bosch manufactured vehicles, particularly the Nissan Leaf ZE1 from 2020. This vulnerability arises from inadequate boundary validation of data provided by users. When a specific type of packet is received on the established L2CAP channel, it can lead to a stack-based buffer overflow. An attacker exploiting this flaw could potentially execute arbitrary code with elevated privileges on the Infotainment ECU, posing serious security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Infotainment system ECU Linux 283C30861E

References

https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html
product
http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Ex...
media-coverage
https://pcacybersecurity.com/resources/advisory/vulnerabi...
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mikhail Evdokimov (PCA Cyber Security Assessment Team)
JSON
.