Description
A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
References (3)
Core 3
Core References
Vendor Advisory technical-description
https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2
Various Sources third-party-advisory
https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/
Scores
CVSS v3
8.0
EPSS
0.0028
EPSS Percentile
51.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-122
Status
published
Products (1)
Preh Car Connect GmbH (JOYNEXT GmbH)/Volkswagen MIB3 infotainment system MIB3 OI MQB
< 0304
Published
Jun 28, 2025
Tracked Since
Feb 18, 2026