Unrated severityNVD Advisory· Published Jan 18, 2024· Updated Jun 17, 2025

Trip Data Disclosure from Backend

CVE-2023-28901

Description

The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing remote attackers to obtain recent trip data, vehicle mileage, fuel consumption, average and maximum speed, and other information of Skoda Connect service users by specifying an arbitrary vehicle VIN number.

Affected products

Skoda Auto/Skoda Connectv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

asrg.io/security-advisories/cve-2023-28901/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000