CVE-2025-32056
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-26

Assigner: Automotive Security Research Group (ASRG)

Description
The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified on Nissan Leaf ZE1 manufactured in 2020.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-26
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-32056
EUVD
EUVD-2026-4127
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nissan leaf 2020
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1241 The device uses an algorithm that is predictable and generates a pseudo-random number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the anti-theft protection mechanism in certain vehicles, specifically the Nissan Leaf ZE1 from 2020. Attackers can bypass this protection because the system uses weak response generation algorithms for the head unit. By sniffing CAN traffic or pre-calculating response values, an attacker can reveal all 32 corresponding responses needed to bypass the anti-theft system.

Impact Analysis

This vulnerability can allow attackers to bypass the vehicle's anti-theft protection, potentially enabling unauthorized access or control over the vehicle. This could lead to theft or misuse of the vehicle.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-32056. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart