Cyber Resilience

CVE-2025-32062

High

Published: 15 February 2026

Published
15 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0038 29.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-32062 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Blackhat (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 29.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-32062 is a stack-based buffer overflow vulnerability (CWE-121) in the Bluetooth stack developed by Alps Alpine within the Infotainment ECU manufactured by Bosch. The flaw arises from insufficient boundary validation of user-supplied data, leading to the overflow when processing a specific packet over an established upper-layer L2CAP channel. It was first identified in the 2020 Nissan Leaf ZE1 model and carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

An attacker within adjacent physical proximity—such as Bluetooth range—can exploit this vulnerability with low complexity and no required privileges or user interaction. By sending a crafted packet over the L2CAP channel, the attacker achieves remote code execution on the Infotainment ECU with root privileges, potentially compromising connected vehicle systems.

Advisories and resources, including a Black Hat Asia 2025 presentation on remote exploitation of the Nissan Leaf, a PCA Cybersecurity advisory on vulnerabilities in Bosch-manufactured Nissan infotainment systems, and Nissan's Leaf product page, provide further details on the issue. No specific patch or mitigation guidance is detailed in the available references.

EU & UK References

Vulnerability details

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow…

more

when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges. First identified on Nissan Leaf ZE1 manufactured in 2020.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Buffer overflow in Bluetooth L2CAP stack directly enables remote exploitation of a service for unauthenticated RCE and root privilege escalation from adjacent range.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-4747Shared CWE-121
CVE-2025-26507Shared CWE-121
CVE-2025-70083Shared CWE-121
CVE-2026-32708Shared CWE-121
CVE-2026-44858Shared CWE-121
CVE-2026-39461Shared CWE-121
CVE-2026-24882Shared CWE-121
CVE-2024-10239Shared CWE-121
CVE-2023-46272Shared CWE-121
CVE-2026-43958Shared CWE-121

Affected Assets

Blackhat
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of user-supplied data boundaries in Bluetooth L2CAP packets to prevent the stack-based buffer overflow.

prevent

Implements memory protections such as stack canaries, ASLR, and DEP to mitigate exploitation of stack-based buffer overflows in the Bluetooth stack even if validation fails.

prevent

Mandates timely identification, reporting, and correction of the specific buffer overflow flaw in the Alps Alpine Bluetooth stack, eliminating the vulnerability.

References