PT-2025-40953 · Google+1 · Android Debug Bridge+1
Alex Plaskett
+1
·
Published
2025-10-06
·
Updated
2025-10-07
·
CVE-2025-34251
CVSS v4.0
8.6
High
| Vector | AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Tesla Telematics Control Unit (TCU) firmware versions prior to 2025.14
Description
The Tesla Telematics Control Unit (TCU) firmware is susceptible to an authentication bypass. The TCU operates the Android Debug Bridge (adbd) with root privileges. Despite a security check intended to disable adb shell access, adb push/pull and adb forward functionalities remain accessible. An attacker with physical access can exploit this by writing an arbitrary file to a writable location and subsequently overwriting the kernel’s
uevent helper or /proc/sys/kernel/hotplug entries through ADB. This allows for the execution of scripts with root privileges.Recommendations
Update Tesla Telematics Control Unit (TCU) firmware to version 2025.14 or later.
Exploit
Fix
Improper Privilege Management
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Android Debug Bridge
Telematics Control Unit