Physical Access Vulnerability in Tesla Model 3 Vehicle Control Systems
CVE-2025-6785

4.7 MEDIUM

Key Information:

Vendor: Tesla

Status
Vendor
CVE Published: 4 September 2025

What is CVE-2025-6785?

This vulnerability allows unauthorized physical access to the Controller Area Network (CAN) bus of Tesla Model 3 vehicles. Attackers can exploit this access to inject specially crafted CAN messages, potentially compromising the vehicle's remote start functions. Testing has confirmed this issue in Tesla Model 3 with software version v11.1, as well as in earlier software versions until v2023.44. Ensuring proper security measures for access to CAN wires is crucial to prevent exploitation of this vulnerability.

Affected Version(s)

Model 3 2023.xx < 2023.44

CVSS V4

Score: 4.7
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Physical
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
