MEDIUM🇵🇱 Wersja polska

CVE-2025-6785

CVSS 4.7v4.0pub. 2025-09-04upd. 2026-04-15

Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle.  Testing completed on Tesla Model 3 vehicles with software version v11.1 (2023.20.9 ee6de92ddac5). This issue affects Model 3: With software versions from 2023.Xx before 2023.44.

CVSS Vector
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:Amber
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References
CVE-2025-6785 — MEDIUM — CVSS 4.7 | CVEbaza.pl