{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T21:11:41.050","vulnerabilities":[{"cve":{"id":"CVE-2025-32057","sourceIdentifier":"cve@asrg.io","published":"2026-01-22T16:16:06.890","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020."},{"lang":"es","value":"La ECU de infoentretenimiento fabricada por Bosch que está instalada en el Nissan Leaf ZE1 – 2020 utiliza un servicio de Redbend para aprovisionamiento y actualizaciones por aire. Se utiliza HTTPS para la comunicación con el servidor de backend. Debido al uso de la configuración predeterminada para el motor SSL subyacente, el certificado raíz del servidor no se verifica. Como resultado, un atacante podría suplantar un servidor de backend de Redbend utilizando un certificado autofirmado.\n\nIdentificado por primera vez en el Nissan Leaf ZE1 fabricado en 2020."}],"metrics":{"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"references":[{"url":"http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf","source":"cve@asrg.io"},{"url":"https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch","source":"cve@asrg.io"},{"url":"https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html","source":"cve@asrg.io"}]}}]}