CVE-2025-34251
BaseFortify
Publication date: 2025-10-07
Last updated on: 2025-10-08
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tesla | telematics_control_unit | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Tesla Telematics Control Unit (TCU) firmware prior to version 2025.14. The TCU runs the Android Debug Bridge daemon (adbd) as root. A lockdown check refuses adb shell, but it does not cover the other adbd services: adb push, adb pull and adb forward are still served. Because adbd runs as root and the USB port is reachable from outside the unit, an attacker with physical access can push arbitrary files to any root-writable location, including the kernel's helper entries uevent_helper (exposed as /sys/kernel/uevent_helper) and /proc/sys/kernel/hotplug, which are two interfaces to the same setting. On kernels built with uevent helper support, the kernel runs whatever program path is stored there, as root, the next time it emits a uevent (for example on a device hotplug), so pushing a script and then writing its path into one of these entries executes the script with root privileges. The lockdown is therefore an incomplete privilege restriction (CWE-269), and the file-transfer channel is an unauthenticated alternate path around it (CWE-288).
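To make the two halves of the chain concrete, the following is an added example written for this page; it is not Tesla's or AOSP's code. The first part models the adbd service gate as the description above characterises it (only the shell service refused) beside a deny-by-default gate; the service strings ("shell:", "sync:", "tcp:PORT") are the ones the host adb client sends for adb shell, adb push/pull and adb forward, and the "reboot:" allow-list is an assumed minimal maintenance set, not a real policy. The second part is a small forensic check that reads the two kernel helper entries from a given root directory (a live system or a mounted firmware image) and reports any non-empty value; the sample tree it runs on is constructed in a temporary directory.

```python
"""Model of the adbd lockdown gap described for CVE-2025-34251, plus a check
for the kernel helper entries the chain abuses. Example code written for this
page; it is not Tesla's or AOSP's code."""
import os
import tempfile

# Device-side service requests as the host adb client sends them:
# adb shell -> "shell:", adb push/pull -> "sync:", adb forward tcp:X tcp:Y -> "tcp:Y".
SHELL_SERVICES = ("shell:", "exec:")


def vulnerable_lockdown_allows(service: str) -> bool:
    """Lockdown as described on this page: only the interactive shell is
    refused; file transfer (sync:) and port forwarding (tcp:) still pass."""
    return not service.startswith(SHELL_SERVICES)


# Assumption for the example: the only service lockdown needs to keep serving.
ALLOWED_IN_LOCKDOWN = ("reboot:",)


def hardened_lockdown_allows(service: str) -> bool:
    """Deny by default: in lockdown only an explicit allow-list is served, so
    sync:, tcp: and every other service stop being an unauthenticated
    alternate path around the shell restriction (CWE-288)."""
    return service.startswith(ALLOWED_IN_LOCKDOWN)


# Both entries set the same kernel value; the kernel execs that path as root
# on every uevent. Empty is the default on modern kernels.
HELPER_FILES = ("sys/kernel/uevent_helper", "proc/sys/kernel/hotplug")


def check_kernel_helpers(root: str) -> dict:
    """Return {relative_path: value} for each helper entry under `root` that
    holds a non-empty program path. Use "/" on a live system or the mount
    point of a firmware image. Missing entries are skipped, not errors."""
    findings = {}
    for rel in HELPER_FILES:
        try:
            with open(os.path.join(root, rel)) as f:
                value = f.read().strip()
        except OSError:
            continue
        if value:
            findings[rel] = value
    return findings


def build_fake_root(uevent_helper_value: str) -> str:
    """Constructed sample tree (not a real device): hotplug left at the empty
    default, uevent_helper set to the given value."""
    root = tempfile.mkdtemp()
    for rel, content in ((HELPER_FILES[0], uevent_helper_value), (HELPER_FILES[1], "")):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as f:
            f.write(content)
    return root


if __name__ == "__main__":
    for svc in ("shell:", "sync:", "tcp:5555"):
        print(f"{svc:9} vulnerable={vulnerable_lockdown_allows(svc)} "
              f"hardened={hardened_lockdown_allows(svc)}")
    # Constructed path standing in for a script an attacker pushed over adb.
    root = build_fake_root("/data/local/tmp/x.sh")
    print(check_kernel_helpers(root))
```

The gate functions show why the lockdown in the description is an alternate-channel bug rather than a shell bug: any service not named in a block-list remains reachable, so the fix is an allow-list evaluated before the service is dispatched. The helper check is what an incident responder would run against a pulled image; any non-empty value is worth explaining, since nothing on a stock system needs to set it.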
How can this vulnerability impact me?
An attacker with physical access to the device can exploit this vulnerability to gain root-level control over the Tesla TCU. This could allow them to execute arbitrary code with the highest privileges, potentially compromising the device's integrity, confidentiality, and availability. Such control could lead to unauthorized modifications, data theft, or disruption of vehicle telematics functions.