Home

Description

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate. First identified on Nissan Leaf ZE1 manufactured in 2020.

PUBLISHED Reserved 2025-04-03 | Published 2026-01-22 | Updated 2026-01-22 | Assigner ASRG




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Problem types

CWE-295: Improper Certificate Validation

Product status

Default status
unaffected

283C30861E
affected

Credits

Radu Motspan (PCA Cyber Security Assessment Team) finder

References

www.nissan.co.uk/vehicles/new-vehicles/leaf.html product

i.blackhat.com/...mov-Remote-Exploitation-of-Nissan-Leaf.pdf media-coverage

pcacybersecurity.com/...n-infotainment-manufactured-by-bosch third-party-advisory

cve.org (CVE-2025-32057)

nvd.nist.gov (CVE-2025-32057)

Download JSON