CVE-2025-32061

Name of the Vulnerable Software and Affected Versions Bosch Infotainment ECU (affected versions not specified)

Description A flaw exists in the Bluetooth stack developed by Alps Alpine within the Infotainment ECU manufactured by Bosch. This is due to insufficient validation of user-supplied data, leading to a stack-based buffer overflow when a specific packet is received on the L2CAP channel. Successful exploitation could allow an attacker to achieve remote code execution on the Infotainment ECU with root privileges. The vulnerability was first identified on Nissan Leaf ZE1 vehicles manufactured in 2020.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.