CVE-2025-34251

HIGH EPSS 41.8%

Published Oct 7, 20258mo ago · Modified Jun 17, 20261w ago

8.6 CVSS 4.0

High

Published Oct 7, 2025 8mo ago

Last Modified Jun 17, 2026 1w ago

Description

Tesla Telematics Control Unit (TCU) firmware prior to v2025.14 contains an authentication bypass vulnerability. The TCU runs the Android Debug Bridge (adbd) as root and, despite a “lockdown” check that disables adb shell, still permits adb push/pull and adb forward. Because adbd is privileged and the device’s USB port is exposed externally, an attacker with physical access can write an arbitrary file to a writable location and then overwrite the kernel’s uevent_helper or /proc/sys/kernel/hotplug entries via ADB, causing the script to be executed with root privileges.

CVSS Details

Base Score

8.6

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Physical

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

41.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-269 Improper Privilege Management Authorization

CWE-288

References 3

nccgroup.com https://www.nccgroup.com/research-blog/technical-advisory-tesla-telematics-control-unit-adb-auth-bypass/
tesla.com https://www.tesla.com/
vulncheck.com https://www.vulncheck.com/advisories/tesla-tcu-auth-bypass

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.