CVE-2025-34251 HIGH

CVE-2025-34251: Tesla Telematics Control Unit (TCU) < v2025.14 Authentication Bypass

Vendor Tesla
Product Telematics Control Unit (TCU)
Weakness CWE-269
Published October 6, 2025
Last update May 15, 2026

CVSS base score

8.6/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01 Description

Tesla Telematics Control Unit (TCU) firmware prior to v2025.14 contains an authentication bypass vulnerability. The TCU runs the Android Debug Bridge (adbd) as root and, despite a “lockdown” check that disables adb shell, still permits adb push/pull and adb forward. Because adbd is privileged and the device’s USB port is exposed externally, an attacker with physical access can write an arbitrary file to a writable location and then overwrite the kernel’s uevent_helper or /proc/sys/kernel/hotplug entries via ADB, causing the script to be executed with root privileges.
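A defender-side check for the condition described above, as an added example that is not part of the original record and is not Tesla's code: it reads the two kernel helper entries named in the description and reports any that are set, marking a helper that points at a world-writable file. The function name, the optional root-prefix argument (for auditing a mounted image or a constructed test tree) and the OK/WARN/FAIL labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the kernel hotplug helper entries on a Linux-based device.
# Usage: audit_hotplug_helpers [ROOT]
#   ROOT is a hypothetical optional prefix (e.g. a mounted firmware image);
#   with no argument the live /sys and /proc of the running system are read.
# Returns 0 when both entries are empty, 1 when any helper is configured.
audit_hotplug_helpers() {
    root="${1:-}"
    status=0
    for entry in /sys/kernel/uevent_helper /proc/sys/kernel/hotplug; do
        file="$root$entry"
        if [ ! -r "$file" ]; then
            echo "SKIP $entry (not present or not readable)"
            continue
        fi
        # The kernel stores a single path; strip the trailing newline.
        helper=$(tr -d '\n' < "$file")
        if [ -z "$helper" ]; then
            echo "OK   $entry is empty"
            continue
        fi
        status=1
        target="$root$helper"
        # A helper that any user can modify runs as root on the next uevent.
        if [ -e "$target" ] &&
           [ -n "$(find "$target" -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
            echo "FAIL $entry -> $helper (helper file is world-writable)"
        else
            echo "WARN $entry -> $helper (helper set; confirm it is expected)"
        fi
    done
    return $status
}
```

On a system that does not use a hotplug helper, both entries are expected to be empty, so any WARN or FAIL line is worth investigating.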

Key dates

02 Disclosure timeline

October 6, 2025 CVE published
May 15, 2026 Record updated