CVE-2025-6785

Severity CVSS v4.0:

MEDIUM

Type:

CWE-74 Injection

Publication date:

04/09/2025

Last modified:

04/09/2025

Description

Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Testing completed on Tesla Model 3 vehicles with software version v11.1 (2023.20.9 ee6de92ddac5). This issue affects Model 3: With software versions from 2023.Xx before 2023.44.

Impact

Vector 4.0

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:D/RE:L/U:Amber CVSS v4.0 Severity and Metrics:

Base Score: 4.70 MEDIUM
Vector: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:D/RE:L/U:Amber

Attack Vector (AV): Physical
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): None
User Interaction (UI): None
Confidentiality (VC): None
Integrity (VI): None
Availability (VA): None
Confidentiality (SC): High
Integrity (SI): High
Availability (SA): High
Safety (S): Negligible
Automatable (AU): Yes
Recovery (R): Automatic
Value Density (V): Diffuse
Vulnerability Response Effort (RE): Low
Provider Urgency (U): Amber

Base Score 4.0

4.70

Severity 4.0

MEDIUM

References to Advisories, Solutions, and Tools

https://asrg.io/security-advisories/cve-2025-6785/