Main Vulnerability Database SB2025091627

SB2025091627 - CAN Bus Injection in Tesla Model 3

Published: September 16, 2025

Security Bulletin ID SB2025091627

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2025-6785)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to CAN Bus injection issue. An attacker with physical access can inject malicious CAN messages and control essential vehicle functions.

Remediation

Install update from vendor's website.

References

https://asrg.io/security-advisories/cve-2025-6785/