High severity8.8NVD Advisory· Published Feb 15, 2026· Updated Apr 15, 2026

CVE-2025-32061

Description

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.

First identified on Nissan Leaf ZE1 manufactured in 2020.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdfnvd
pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-boschnvd
www.nissan.co.uk/vehicles/new-vehicles/leaf.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000