CVE-2025-34251

Vulnerability Description

Tesla Telematics Control Unit (TCU) firmware prior to v2025.14 contains an authentication bypass vulnerability. The TCU runs the Android Debug Bridge (adbd) as root and, despite a “lockdown” check that disables adb shell, still permits adb push/pull and adb forward. Because adbd is privileged and the device’s USB port is exposed externally, an attacker with physical access can write an arbitrary file to a writable location and then overwrite the kernel’s uevent_helper or /proc/sys/kernel/hotplug entries via ADB, causing the script to be executed with root privileges.

Related Weaknesses (CWE)

References

• https://www.nccgroup.com/research-blog/technical-advisory-tesla-telematics-contr
• https://www.tesla.com/
• https://www.vulncheck.com/advisories/tesla-tcu-auth-bypass

FAQ

What is CVE-2025-34251?

CVE-2025-34251 is a documented vulnerability. Tesla Telematics Control Unit (TCU) firmware prior to v2025.14 contains an authentication bypass vulnerability. The TCU runs the Android Debug Bridge (adbd) as root and, despite a “lockdown” check tha...

How severe is CVE-2025-34251?

CVSS scoring is not yet available for CVE-2025-34251. Check NVD for updates.

Is there a patch for CVE-2025-34251?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.