CVE-2024-6030 HIGH

CVE-2024-6030: Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability

Vendor Tesla
Product Model S
Weakness CWE-250
Published April 30, 2025
Last update April 30, 2025

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code within the sandbox on the target system in order to exploit this vulnerability. The specific flaw exists within the oFono process. The process allows an attacker to modify interfaces. An attacker can leverage this vulnerability to bypass the iptables network sandbox. Was ZDI-CAN-23200.

Key dates

02Disclosure timeline

April 30, 2025 CVE published
April 30, 2025 Record updated