CVE-2025-34251

Published 07/10/2025 00:15 · Modified 08/10/2025 19:38

Labels: CVE-2025-34251, 2025-10-07, CWE-269

Essential information

Published: 07/10/2025 00:15
Modified: 08/10/2025 19:38
CVSS: 8.6 HIGH (v3), 8.6 HIGH (v4.0)
CISA KEV: No
CWE: CWE-269

Description

Tesla Telematics Control Unit (TCU) firmware prior to v2025.14 contains an authentication bypass vulnerability. The TCU runs the Android Debug Bridge (adbd) as root and, despite a “lockdown” check that disables adb shell, still permits adb push/pull and adb forward. Because adbd is privileged and the device’s USB port is exposed externally, an attacker with physical access can write an arbitrary file to a writable location and then overwrite the kernel’s uevent_helper or /proc/sys/kernel/hotplug entries via ADB, causing the script to be executed with root privileges.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.

Affected products (CPE)

Product: tesla / telematics control unit
CPE: cpe:2.3:a:tesla:telematics_control_unit:<2025.14:*:*:*:*:*:*:*
