VYPR

Leaf ZE1

by Nissan

CVEs (4)

  • CVE-2025-32058CriFeb 15, 2026
    risk 0.60cvss 9.3epss 0.00

    The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an…

  • CVE-2025-32060MedFeb 15, 2026
    risk 0.44cvss 6.7epss 0.00

    The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able to load custom kernel modules to the kernel space and execute code in the…

  • CVE-2025-32057MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL…

  • CVE-2025-32056MedJan 22, 2026
    risk 0.26cvss 4.0epss 0.00

    The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. …