CVE-2025-34251

07.10.2025, 00:15

Tesla Telematics Control Unit (TCU) firmware prior to v2025.14 contains an authentication bypass vulnerability. The TCU runs the Android Debug Bridge (adbd) as root and, despite a lockdown check that disables adb shell, still permits adb push/pull and adb forward. Because adbd is privileged and the devices USB port is exposed externally, an attacker with physical access can write an arbitrary file to a writable location and then overwrite the kernels uevent_helper or /proc/sys/kernel/hotplug entries via ADB, causing the script to be executed with root privileges.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
VulnCheck	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

https://www.nccgroup.com/research-blog/technical-advisory-tesla-telematics-control-unit-adb-auth-bypass/

https://www.tesla.com/

https://www.vulncheck.com/advisories/tesla-tcu-auth-bypass