Nissan

A team of researchers at PCAutomotive disclosed a critical vulnerability in Nissan Leaf EVs' infotainment systems that allows attackers to remotely control vehicle functions. By exploiting a stack buffer overflow in the Bluetooth protocol, hackers can persistently compromise the system to manipulate doors, mirrors, steering, and safety features. The issue is compounded by outdated software and a lack of firmware signing, causing potential hazards to vehicle owners and passengers. Although the issue was reported to Nissan, patches will only be available by Q3 2025, leaving current Leaf EVs at risk. Owners are advised to disable Bluetooth and seek dealership updates, as this security breach highlights significant automotive cybersecurity threats.

Source: https://cybersecuritynews.com/nissan-leaf-vulnerability-exploited/

TPRM report: https://scoringcyber.rankiteo.com/company/tbwa-nissanunited

"id": "tbw234040825",
"linkid": "tbwa-nissanunited",
"type": "Vulnerability",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 'Nissan Leaf EV Owners',
                        'industry': 'Automotive',
                        'name': 'Nissan',
                        'type': 'Automotive Manufacturer'}],
 'attack_vector': 'Bluetooth Protocol',
 'customer_advisories': 'Disable Bluetooth, Seek Dealership Updates',
 'data_breach': {'data_encryption': 'Lack of Firmware Signing'},
 'description': 'A team of researchers at PCAutomotive disclosed a critical '
                "vulnerability in Nissan Leaf EVs' infotainment systems, "
                'allowing attackers to remotely control vehicle functions. By '
                'exploiting a stack buffer overflow in the Bluetooth protocol, '
                'hackers can persistently compromise the system to manipulate '
                'doors, mirrors, steering, and safety features. The issue is '
                'compounded by outdated software and lack of firmware signing, '
                'causing potential hazards to vehicle owners and passengers. '
                'Despite being reported to Nissan, patches will only be '
                'available by Q3 2025, leaving current Leaf EVs at risk. '
                'Owners are advised to disable Bluetooth and seek dealership '
                'updates, as this security breach highlights significant '
                'automotive cybersecurity threats.',
 'impact': {'brand_reputation_impact': 'Significant Automotive Cybersecurity '
                                       'Threats',
            'operational_impact': 'Remote Control of Vehicle Functions',
            'systems_affected': 'Infotainment Systems'},
 'initial_access_broker': {'entry_point': 'Bluetooth Protocol',
                           'high_value_targets': 'Infotainment Systems'},
 'post_incident_analysis': {'corrective_actions': 'Patches to be available by '
                                                  'Q3 2025',
                            'root_causes': 'Outdated Software, Lack of '
                                           'Firmware Signing'},
 'recommendations': 'Disable Bluetooth, Seek Dealership Updates',
 'references': [{'source': 'PCAutomotive'}],
 'response': {'containment_measures': 'Disable Bluetooth, Seek Dealership '
                                      'Updates',
              'remediation_measures': 'Patches to be available by Q3 2025'},
 'title': "Critical Vulnerability in Nissan Leaf EVs' Infotainment Systems",
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'Stack Buffer Overflow'}