CVE-2025-32056 MEDIUM

CVE-2025-32056: Anti-Theft Bypass for Infotainment ECU

Vendor Bosch
Product Infotainment system ECU
Weakness CWE-1241
Published January 22, 2026
Last update January 22, 2026

CVSS base score

4.0/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified on Nissan Leaf ZE1 manufactured in 2020.

Key dates

02Disclosure timeline

January 22, 2026 CVE published
January 22, 2026 Record updated