CVE-2025-32062

Name of the Vulnerable Software and Affected Versions Bosch Infotainment ECU versions (affected versions not specified)

Description A flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue is due to a lack of proper boundary validation of user-supplied data, which can lead to a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can exploit this to obtain remote code execution on the Infotainment ECU with root privileges. The issue was first identified on Nissan Leaf ZE1 manufactured in 2020.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.