PT-2025-20888 · Bosch · Infotainment System Ecu

Radu Motspan · Published 2025-05-13 · Updated 2026-02-20 · CVE-2025-32058

CVSS v3.1: 9.3 (Critical)

Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Bosch Infotainment ECU versions (affected versions not specified)

Description

The Infotainment ECU, manufactured by Bosch, utilizes an RH850 module for CAN communication. The RH850 module connects to the infotainment system via the INC interface and a custom protocol. A flaw in the processing of requests through this protocol on the RH850 side allows an attacker who has code execution on the infotainment main SoC to achieve code execution on the RH850 module. Successful exploitation enables the attacker to send arbitrary CAN messages over the connected CAN bus. This issue was initially identified on the Nissan Leaf ZE1 manufactured in 2020.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Stack Overflow

Related Identifiers: CVE-2025-32058

Affected Products: Infotainment System Ecu