CVE-2025-6785 MEDIUM

CVE-2025-6785: Tesla Model 3 Physical CAN Bus Injection

Vendor Tesla
Product Model 3
Weakness CWE-74
Published September 4, 2025
Last update September 11, 2025

CVSS base score

4.7/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:D/RE:L/U:Amber

What the vulnerability does

01 Description

Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Testing was completed on Tesla Model 3 vehicles with software version v11.1 (2023.20.9 ee6de92ddac5). This issue affects Model 3 with software versions from 2023.Xx before 2023.44.

Key dates

02 Disclosure timeline

September 4, 2025 CVE published
September 11, 2025 Record updated