Which Nissan Leaf model is affected by these vulnerabilities?

The vulnerabilities specifically affect the 2020 second-generation Nissan Leaf electric vehicle.

What are the CVE identifiers for these Nissan Leaf vulnerabilities?

The identified vulnerabilities have been assigned eight CVE identifiers: CVE-2025-32056 through CVE-2025-32063. CVSS scores are not available for these vulnerabilities.

What vehicle functions could be compromised using these vulnerabilities?

The security flaws enabled researchers to track the vehicle's location in real-time, capture screenshots from the infotainment system, record conversations taking place inside the vehicle, and remotely control multiple physical functions including door locks, windshield wipers, horn, side mirrors, windows, lights, and even the steering wheel while the car was in motion.

Which cybersecurity firm discovered these vulnerabilities?

The vulnerabilities were discovered by cybersecurity researchers from PCAutomotive.

Where were these Nissan Leaf vulnerabilities publicly disclosed?

The findings were presented at Black Hat Asia 2025, a prominent cybersecurity conference.

Could attackers potentially take over control of a Nissan Leaf while it's being driven?

Yes, according to the researchers, the vulnerabilities allowed them to remotely control the steering wheel even while the car was in motion, suggesting that attackers could potentially take over control of the vehicle while it's being driven.

Advisory

Researchers demonstrate Nissan Leaf electric vehicle vulnerable to remote hacking, takeover

published: April 10, 2025

Take action: If you have a Nissan Leaf, try your local dealer or service shop for an updated infotainment version. But Nissan hasn't disclosed if they have or will at all patch these flaws. So try to update, otherwise, hope for the best.

Learn More

Cybersecurity researchers from PCAutomotive have demonstrated a series of critical vulnerabilities affecting the 2020 second-generation Nissan Leaf electric vehicle. The findings, presented at Black Hat Asia 2025, reveal that security flaws can be exploited to remotely compromise the vehicle's systems, enabling surveillance and control of various physical functions.

The research team discovered multiple vulnerabilities that allowed them to leverage the car's infotainment system's Bluetooth capabilities as an entry point to infiltrate the vehicle's internal network. Once inside the system, the researchers were able to escalate privileges and establish a command-and-control (C&C) channel over cellular communications, maintaining persistent and stealthy access to the vehicle directly via the internet.

The identified vulnerabilities have been assigned eight CVE identifiers:

CVE-2025-32056 through CVE-2025-32063 (CVSS scores not available)

The security flaws enabled researchers to:

Track the vehicle's location in real-time
Capture screenshots from the infotainment system
Record conversations taking place inside the vehicle
Remotely control multiple physical functions including:
- Door locks
- Windshield wipers
- Horn
- Side mirrors
- Windows
- Lights
- Steering wheel (even while the car was in motion)

According to PCAutomotive, the disclosure process began in August 2023, with Nissan confirming the findings in January 2024. The CVE assignments were only recently completed.

A Nissan spokesperson acknowledged the research but provided limited details about remediation plans: "PCAutomotive contacted Nissan regarding its research. While we decline to disclose specific countermeasures or details for security reasons, for the safety and peace of mind of our customers we will continue to develop and roll out technologies to combat increasingly sophisticated cyberattacks."

Researchers demonstrate Nissan Leaf electric vehicle vulnerable to remote hacking, takeover