Description
Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Testing completed on Tesla Model 3 vehicles with software version v11.1 (2023.20.9 ee6de92ddac5). This issue affects Model 3: With software versions from 2023.Xx before 2023.44.
References (1)
Core 1
Core References
Various Sources third-party-advisory
https://asrg.io/security-advisories/cve-2025-6785/
Scores
CVSS v4
4.7
EPSS
0.0021
EPSS Percentile
10.4%
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:L/U:Amber
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1263
CWE-74
Status
published
Products (1)
Tesla/Model 3
2023.xx - 2023.44
Published
Sep 04, 2025
Tracked Since
Feb 18, 2026