PT-2025-18327 · Tesla · Tesla Model 3

Published: 2025-04-30 · Updated: 2025-11-13 · CVE-2025-2082

CVSS v3.1: 7.5 (High)

Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Versions

Tesla Model 3 (affected versions not specified)

Description

This issue allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles without authentication. The flaw resides within the VCSEC module. By manipulating the certificate response from the Tire Pressure Monitoring System (TPMS), an attacker can trigger an integer overflow that occurs before a write to memory. This allows the attacker to execute code in the context of the VCSEC module and send arbitrary messages to the vehicle CAN bus. The vulnerability was discovered by security researchers Thomas Imbert, Vincent Dehors, and David Bérard and responsibly disclosed.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-2082
ZDI-25-265

Affected Products

Tesla Model 3