If your car is built around too much tech like the Nissan Leaf, be very careful
Researchers from PCAutomotive have uncovered a series of critical security vulnerabilities in the Nissan Leaf electric vehicle that could allow remote attackers to spy on users and take control of multiple car functions. Their findings were presented at Black Hat Asia 2025 and focus on the second-generation Nissan Leaf manufactured in 2020.
PCAutomotive, a firm specializing in penetration testing and threat intelligence for both automotive and financial sectors, discovered that the vulnerabilities stem from the vehicle’s infotainment system, specifically its Bluetooth connectivity. Exploiting this entry point, the researchers were able to breach the car’s internal network and escalate their privileges.
Moreover, this led to the establishment of a command-and-control (C&C) channel via cellular communication, granting persistent and stealthy access to the vehicle over the internet. With this level of access, an attacker could covertly track the car’s real-time location, take screenshots of the infotainment display and even eavesdrop on conversations inside the cabin via microphone.
These capabilities raise serious concerns around both personal privacy and physical safety. More alarmingly, the vulnerabilities also allowed for remote control over several physical systems within the car. These included the ability to manipulate the doors, horn, windows, lights and in some scenarios, the steering wheel while the vehicle is in motion, posing significant safety risks.
In total, eight separate Common Vulnerabilities and Exposures (CVE) identifiers have also been assigned to these flaws, numbered CVE-2025-32056 through CVE-2025-32063. PCAutomotive initiated the disclosure process with Nissan in August 2023, and the company confirmed the validity of the findings in January 2024.
On top of that, the CVEs were not officially assigned until shortly before the public presentation of the research. When approached for comment by SecurityWeek, a Nissan spokesperson acknowledged the communication with PCAutomotive and emphasized the company’s commitment to cybersecurity.
While declining to share specific countermeasures, the spokesperson stated, “For the safety and peace of mind of our customers, we will continue to develop and roll out technologies to combat increasingly sophisticated cyberattacks.” This case underscores the growing importance of cybersecurity in modern vehicles, particularly as cars become more connected and digitally integrated.
So now that we know this is possible in any connected vehicle, if you own one, please be sure to take extra precautions to ensure that you do not fall victim to any of these hacks as the consequences could be dire. We got all this from Security Week and their full article is linked here. Thank you Security Week for the information and images.
