What is the CVSS score of CVE-2025-32061?

CVE-2025-32061 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

How to fix or mitigate CVE-2025-32061?

Within 24 hours: Inventory all Bosch infotainment ECUs with Bluetooth capabilities in your organization and assess which vehicles are actively deployed. Within 7 days: Implement network segmentation to isolate affected infotainment systems from critical operational networks; disable Bluetooth connectivity where operationally feasible. Within 30 days: Establish continuous monitoring for suspicious Bluetooth pairing attempts; coordinate with Bosch/Alps Alpine for patch availability and develop a phased patching strategy; consider vehicle replacement or hardware upgrades if mitigation is insufficient.

CVE-2025-32061

HIGH

Stack-based Buffer Overflow (CWE-121)

2026-02-15 cve@asrg.io

RCE Buffer Overflow Stack Overflow

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Feb 15, 2026 - 11:15 nvd

HIGH 8.8

DescriptionNVD

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.

First identified on Nissan Leaf ZE1 manufactured in 2020.

AnalysisAI

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

Technical ContextAI

Classified as CWE-121 (Stack-based Buffer Overflow). The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges.

First identified on Nissan Leaf ZE1 m

Affected ProductsAI

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

CVE-2025-32061 vulnerability details – vuln.today

Back

CVE-2025-32061

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code