CVE-2025-34251
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-07

Last updated on: 2025-10-08

Assigner: VulnCheck

Description
Tesla Telematics Control Unit (TCU) firmware prior to v2025.14 contains an authentication bypass vulnerability. The TCU runs the Android Debug Bridge (adbd) as root and, despite a β€œlockdown” check that disables adb shell, still permits adb push/pull and adb forward. Because adbd is privileged and the device’s USB port is exposed externally, an attacker with physical access can write an arbitrary file to a writable location and then overwrite the kernel’s uevent_helper or /proc/sys/kernel/hotplug entries via ADB, causing the script to be executed with root privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-07
Last Modified
2025-10-08
Generated
2026-06-16
AI Q&A
2025-10-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-34251
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tesla telematics_control_unit *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Tesla Telematics Control Unit (TCU) firmware prior to version 2025.14. The TCU runs the Android Debug Bridge daemon (adbd) as root. Although there is a lockdown check that disables adb shell access, adb push/pull and adb forward commands are still permitted. Because adbd runs with root privileges and the USB port is externally accessible, an attacker with physical access can write arbitrary files to writable locations and overwrite kernel entries such as uevent_helper or /proc/sys/kernel/hotplug. This causes a script to be executed with root privileges, effectively bypassing authentication.

Impact Analysis

An attacker with physical access to the device can exploit this vulnerability to gain root-level control over the Tesla TCU. This could allow them to execute arbitrary code with the highest privileges, potentially compromising the device's integrity, confidentiality, and availability. Such control could lead to unauthorized modifications, data theft, or disruption of vehicle telematics functions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34251. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart