Friday, June 5

A team of European white hat hackers has demonstrated the ability to remotely seize control of a 2020 Nissan LEAF, exposing serious vulnerabilities in the vehicle’s communication systems, including privacy and safety risks that experts say could have real-world consequences.

The cybersecurity researchers at PCAutomotive, based in Budapest, revealed how they were able to track the vehicle’s location, intercept messages and conversations inside the cabin, broadcast media through the car’s audio system, and — most alarmingly — manipulate the steering wheel while the vehicle was in motion.

What makes the findings especially concerning is the apparent ease with which the hack was carried out. The researchers started with a test bench simulator made from components purchased on eBay and leveraged weaknesses in the LEAF’s DNS command-and-control channel and Bluetooth protocol. Their 118-page technical report, presented at Black Hat Asia 2025, outlines a detailed timeline and methodology, with disclosures made to Nissan and its suppliers between August 2, 2023, and September 12, 2024.

“This demonstration underscores the urgent need for automakers to treat cybersecurity as a foundational design principle, not an afterthought,” said one of the team members during the presentation.

The full attack was documented in a video and showcased during the conference, and a copy of the report has been made publicly available. Nissan has not publicly commented on the vulnerabilities disclosed in the hack.

Summary of vulnerabilities

  • CVE-2025-32056 – Anti-Theft bypass
  • CVE-2025-32057 – app_redbend: MiTM attack
  • CVE-2025-32058 – v850: Stack Overflow in CBR processing
  • CVE-2025-32059 – Stack buffer overflow leading to RCE [0]
  • CVE-2025-32060 – Absence of a kernel module signature verification
  • CVE-2025-32061 – Stack buffer overflow leading to RCE [1]
  • CVE-2025-32062 – Stack buffer overflow leading to RCE [2]
  • PCA_NISSAN_009 – Improper traffic filtration between CAN buses
  • CVE-2025-32063 – Persistence for Wi-Fi network
  • PCA_NISSAN_012 – Persistence through CVE-2017-7932 in HAB of i.MX 6

James Bryant is an EV journalist at EVMagz.com, covering global developments in electric vehicle technology, battery innovation, charging infrastructure, and clean mobility policy across major markets. He holds a degree in Journalism and Digital Media and, outside of work, enjoys early-morning swimming, building custom mechanical keyboards, and exploring independent electric motorcycle projects.
