PT-2025-20887 · Bosch · Infotainment System Ecu

Radu Motspan · Published 2025-05-13 · Updated 2026-01-22 · CVE-2025-32057

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Nissan Leaf ZE1 – 2020

Description: The Infotainment ECU manufactured by Bosch, used in Nissan Leaf ZE1 vehicles from 2020, utilizes a Redbend service for over-the-air provisioning and updates via HTTPS. The system’s SSL engine uses a default configuration that does not verify the server root certificate. This allows an attacker to potentially impersonate a Redbend backend server using a self-signed certificate.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Certificate Validation

Related Identifiers: CVE-2025-32057

Affected Products: Infotainment System Ecu