Tesla Model 3 Physical CAN Bus Injection_CVE-2025-6785

4.7 / 10

MEDIUM

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:D/RE:L/U:Amber

Description

Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Testing completed on Tesla Model 3 vehicles with software version v11.1 (2023.20.9 ee6de92ddac5). This issue affects Model 3: With software versions from 2023.Xx before 2023.44.

Basic Information

ID CVE-2025-6785

Source ASRG

Published Sep 4, 2025 at 14:13

Modified Sep 4, 2025 at 14:23

Affected Product

Vendor Tesla

Product Model 3

Version 2023.xx

Affected Versions Tesla Model 3 2023.xx

CWE Classification

CWE-74 CWE-1263

References

asrg.io /security-advisories/cve-2025-6785/

{
    "lastseen": "",
    "description": "Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle.\u00a0 Testing completed on\u00a0Tesla Model 3 vehicles with software version v11.1 (2023.20.9 ee6de92ddac5).\u00a0This issue affects Model 3: With software versions from 2023.Xx before 2023.44.",
    "published": "2025-09-04T14:13:22.348Z",
    "modified": "2025-09-04T14:23:47.393Z",
    "type": "cve",
    "title": "Tesla Model 3 Physical CAN Bus Injection",
    "source": "ASRG",
    "references": "https://asrg.io/security-advisories/cve-2025-6785/",
    "id": "CVE-2025-6785",
    "bulletinFamily": "",
    "cwe": [
        "CWE-74",
        "CWE-1263"
    ],
    "cvelist": null,
    "sourceData": "Tesla Model 3 2023.xx",
    "sourceHref": "",
    "cvss": {
        "score": 4.7,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:D/RE:L/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Model 3",
    "version": "2023.xx",
    "vendor": "Tesla",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}