CVE-2025-32059

Name of the Vulnerable Software and Affected Versions Nissan Leaf versions manufactured in 2020 (affected versions not specified)

Description A flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue is due to insufficient boundary validation of user-supplied data, leading to a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can exploit this to achieve remote code execution on the Infotainment ECU with root privileges. The vulnerability was first identified on the Nissan Leaf ZE1 manufactured in 2020. Exploitation involves the Bluetooth Hands-Free Profile (HFP).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.