CVE-2025-2082

NONE EPSS 24.9%

Published Apr 30, 20251y ago · Modified Jun 17, 20261w ago

Published Apr 30, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC module. By manipulating the certificate response sent from the Tire Pressure Monitoring System (TPMS), an attacker can trigger an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the VCSEC module and send arbitrary messages to the vehicle CAN bus. Was ZDI-CAN-23800.

Threat Intelligence

EPSS Exploit Probability

24.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 2

Vendor	Product	Version	Range
tesla	model_3_firmware	*	<2024.14
tesla	model_3	*	any

References 1

zerodayinitiative.com https://www.zerodayinitiative.com/advisories/ZDI-25-265/

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.