Home

Description

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified on Nissan Leaf ZE1 manufactured in 2020.

PUBLISHED Reserved 2025-04-03 | Published 2026-01-22 | Updated 2026-01-22 | Assigner ASRG




MEDIUM: 4.0CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Problem types

CWE-1241: Use of Predictable Algorithm in Random Number Generator

Product status

Default status
unaffected

283C30861E (283C30861E)
affected

Credits

Polina Smirnova (PCA Cyber Security Assessment Team) finder

References

www.nissan.co.uk/vehicles/new-vehicles/leaf.html product

i.blackhat.com/...mov-Remote-Exploitation-of-Nissan-Leaf.pdf media-coverage

pcacybersecurity.com/...n-infotainment-manufactured-by-bosch technical-description

cve.org (CVE-2025-32056)

nvd.nist.gov (CVE-2025-32056)

Download JSON