Improper Neutralization of Special Elements in Output Used by a Downstream Component in Tesla Model 3 - CVE-2025-6785

 


Published: September 16, 2025


Vulnerability identifier: #VU115223
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-6785
CWE-ID: CWE-74
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Tesla
Affected software: Tesla Model 3

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to a CAN bus injection issue. An attacker with physical access can inject malicious CAN messages and control essential vehicle functions.


How to mitigate CVE-2025-6785

Install updates from the vendor's website.
