CVE-2025-6785
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-04
Assigner: Automotive Security Research Group (ASRG)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tesla | model_3 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1263 | The product is designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor with physical access to these areas. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the ability to physically access the CAN bus through externally available CAN wires. An attacker with physical access can inject specially formed CAN messages to control remote start functions of the vehicle, specifically tested on Tesla Model 3 vehicles with certain software versions.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with physical access to the vehicle's CAN bus to remotely start the vehicle without authorization, potentially leading to unauthorized use or theft.