Medium severity6.5NVD Advisory· Published Jan 22, 2026· Updated Apr 15, 2026

CVE-2025-32057

Description

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate.

First identified on Nissan Leaf ZE1 manufactured in 2020.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdfnvd
pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-boschnvd
www.nissan.co.uk/vehicles/new-vehicles/leaf.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000