CVE-2025-8321 MEDIUM

CVE-2025-8321: Tesla Wall Connector Firmware Downgrade Vulnerability

Vendor Tesla
Product Wall Connector
Weakness CWE-1328
Published July 30, 2025
Last update July 30, 2025

CVSS base score

6.8/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Tesla Wall Connector Firmware Downgrade Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Tesla Wall Connector devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware upgrade feature. The issue results from the lack of an anti-downgrade mechanism. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the device. Was ZDI-CAN-26299.

Key dates

02Disclosure timeline

July 30, 2025 CVE published
July 30, 2025 Record updated