CVE-2025-6785 in Model 3
Summary
by MITRE • 09/04/2025
Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Testing completed on Tesla Model 3 vehicles with software version v11.1 (2023.20.9 ee6de92ddac5). This issue affects Model 3: With software versions from 2023.Xx before 2023.44.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 09/04/2025
The vulnerability described in CVE-2025-6785 represents a critical security flaw in Tesla Model 3 vehicles that stems from inadequate physical protection of the Controller Area Network (CAN) bus infrastructure. This weakness allows attackers with physical access to potentially manipulate vehicle functions through specially crafted CAN messages that can trigger remote start capabilities. The vulnerability specifically impacts Tesla vehicles running software versions from 2023.XX releases prior to 2023.44, with testing confirming the issue on version v11.1 (2023.20.9 ee6de92ddac5). The CAN bus serves as the primary communication network within vehicles, connecting various electronic control units that manage critical functions including engine control, braking systems, and in this case, remote start functionality.
The technical implementation of this vulnerability exploits the physical accessibility of CAN wires that are not adequately secured, creating a direct pathway for malicious actors to inject unauthorized CAN frames into the vehicle's network. This type of attack falls under the category of physical attack vectors as defined by the ATT&CK framework, specifically mapping to techniques involving physical access and hardware manipulation. The flaw demonstrates a lack of proper physical security controls that should prevent unauthorized modification or access to critical vehicle communication infrastructure. According to CWE classification, this vulnerability relates to CWE-257: "Use of Hard-coded Passwords" and CWE-310: "Cryptographic Issues" in contexts where physical security measures fail to protect communication channels, though the primary concern here is physical access rather than cryptographic weakness.
The operational impact of this vulnerability extends beyond simple unauthorized vehicle access, potentially allowing attackers to remotely start vehicles without proper authentication, which could enable theft or compromise vehicle security systems. This represents a significant risk to vehicle owners and could facilitate unauthorized vehicle operation, especially in scenarios where vehicles are parked in accessible locations. The vulnerability affects a substantial number of Tesla Model 3 vehicles, as the affected software versions span a considerable timeframe from 2023.XX releases through the pre-2023.44 period. This creates a broad attack surface that could be exploited by threat actors with physical access to vehicles, potentially leading to vehicle theft, unauthorized use, or further exploitation of connected vehicle systems.
Mitigation strategies for this vulnerability should focus on both immediate and long-term solutions. Immediate actions include ensuring proper physical security of CAN bus wiring and implementing tamper-evident measures that detect unauthorized access attempts. Tesla should provide firmware updates that strengthen authentication mechanisms for remote start functions and implement additional network security controls that can detect and prevent unauthorized CAN message injection. The solution should align with automotive cybersecurity standards such as ISO/SAE 21434 and SOTIF (Safety of the Intended Functionality) requirements, which mandate comprehensive security measures for vehicle communication systems. Additionally, vehicle manufacturers should consider implementing hardware-based security features such as secure boot mechanisms and cryptographic protection of communication channels to prevent unauthorized modifications to vehicle systems. The vulnerability highlights the critical importance of physical security controls in automotive cybersecurity and demonstrates how inadequate protection of communication infrastructure can lead to significant operational risks.