CVE-2025-2082

HIGH

Tesla Model 3 Firmware < 2024.14 - Integer Overflow

Title source: rule

Description

Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC module. By manipulating the certificate response sent from the Tire Pressure Monitoring System (TPMS), an attacker can trigger an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the VCSEC module and send arbitrary messages to the vehicle CAN bus. Was ZDI-CAN-23800.

Exploits (2)

nomisec WRITEUP 3 stars
by Burak1320demiroz · poc
https://github.com/Burak1320demiroz/cve-2025-2082
nomisec WORKING POC 1 stars
by shirabo · poc
https://github.com/shirabo/cve-2025-2082-POV

References (1)

Scores

CVSS v3 7.5
EPSS 0.0012
EPSS Percentile 30.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-190
Status published
Products (1)
tesla/model_3_firmware < 2024.14
Published Apr 30, 2025
Tracked Since Feb 18, 2026