A critical integer-overflow flaw in the Vehicle Controller Security (VCSEC) module of Tesla Model 3 vehicles running firmware prior to 2024.14 allowed attackers within wireless range (via BLE/UWB) to send manipulated TPMS messages that bypass certificate checks, corrupt memory, and achieve remote code execution. By exploiting this vulnerability (CVE-2025-2082), adversaries could gain CAN-bus access to unlock doors, disable the immobilizer, and manipulate safety-critical functions, exposing thousands of cars to theft or potentially life-threatening scenarios. Tesla released a patch in firmware 2024.14 that hardens the certificate validation logic and mitigates the integer overflow. Owners are urged to apply the OTA update immediately to prevent unauthorized control of vehicle systems.
Source: https://cybersecuritynews.com/tesla-model-3-vcsec-vulnerability/
"id": "tes301050125",
"linkid": "teslamotorsinc",
"type": "Vulnerability",
"date": "5/2025",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"