How to fix CVE-2025-32058?

Within 24 hours: Inventory all affected Bosch infotainment ECU models and document exposure across fleet/operations. Establish incident response protocol and communications plan. Within 7 days: Implement network segmentation to isolate CAN bus communications where operationally feasible; disable unnecessary INC interface functionality if supported; restrict physical and wireless access to infotainment systems. Within 30 days: Monitor Bosch security advisories for patch availability; conduct risk assessment for each deployment; develop remediation plan including potential ECU replacement or system upgrades; establish compensating control monitoring for anomalous CAN traffic.

CVE-2025-32058

CRITICAL

2026-02-15 [email protected]

9.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Feb 15, 2026 - 11:15 nvd

CRITICAL 9.3

Description

The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an attacker with code execution on the infotainment main SoC to perform code execution on the RH850 module and subsequently send arbitrary CAN messages over the connected CAN bus. First identified on Nissan Leaf ZE1 manufactured in 2020.

Analysis

Bosch Infotainment ECU's RH850 CAN module has a stack buffer overflow enabling potential code execution through crafted CAN bus messages.

Technical Context

The Bosch Infotainment ECU uses an RH850 module for CAN communication that has a CWE-121 stack buffer overflow when processing certain CAN messages.

Affected Products

['Bosch Infotainment ECU (RH850 CAN module)']

Remediation

Apply Bosch firmware updates. Implement CAN bus message filtering and intrusion detection.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +46

POC: 0

CVE-2025-32058 vulnerability details – vuln.today

Back

CVE-2025-32058

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-32058

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code