CVE-2025-6785

MEDIUM EPSS 10.5%
Published Sep 4, 20259mo ago · Modified Jun 17, 20261w ago
4.7 CVSS 4.0
Medium
Find Similar
Published Sep 4, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle.  Testing completed on Tesla Model 3 vehicles with software version v11.1 (2023.20.9 ee6de92ddac5). This issue affects Model 3: With software versions from 2023.Xx before 2023.44.

CVSS Details

Base Score
4.7
Exploitability
Impact
Vector string
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:Amber
Attack Vector Physical
Attack Complexity Low
Privileges Required None
User Interaction None
Scope N

Threat Intelligence

EPSS Exploit Probability
10.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-1263
CWE-74

References 1

  • asrg.io https://asrg.io/security-advisories/cve-2025-6785/

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.