Misconfiguration Vulnerability in BOSCH Infotainment ECU Affecting Nissan Leaf 2020
CVE-2025-32063

6.8MEDIUM

Key Information:

Vendor

Bosch
Status
Infotainment System Ecu
Vendor
CVE Published:
15 February 2026

What is CVE-2025-32063?

The vulnerability exists due to a misconfiguration in the Infotainment ECU produced by BOSCH, specifically occurring during the startup phase of a certain systemd service. This flaw inadvertently activates developer features, including a disabled firewall and an enabled SSH server, increasing the risk of unauthorized access to the vehicle's systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Infotainment system ECU Linux 283C30861E

References

https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html
product
http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Ex...
media-coverage
https://pcacybersecurity.com/resources/advisory/vulnerabi...
third-party-advisory

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Radu Motspan (PCA Cyber Security Assessment Team)
JSON
.