A serious security flaw in Tesla’s Model 3 was revealed during the 2025 Pwn2Own hacking competition. The issue allowed attackers to run malicious code remotely through the car’s Tire Pressure Monitoring System (TPMS).
Key Details:
- CVE ID: CVE-2025-2082
- CVSS Score: 7.5 (High)
- Affected Models: Tesla Model 3 (before firmware version 2024.14)
- Impact: Full control over key vehicle systems via the VCSEC module
- Patch Released: Firmware update 2024.14
- Discovered By: Synacktiv researchers (Thomas Imbert, Vincent Dehors, David Berard)
What Happened
The flaw came from an integer overflow in the car’s Vehicle Control System Electronic Controller (VCSEC). Hackers could send altered data through TPMS to corrupt memory and take control of the car’s internal network (CAN bus). This includes systems responsible for acceleration, braking, and other critical functions.
Attackers don’t need login credentials but do need to be near the car—such as within Bluetooth or Wi-Fi range.
Tesla quietly fixed the issue in an October 2024 firmware update (2024.14), and full technical details were made public on April 30, 2025.
Potential Risks:
- Turning off safety features like airbags or collision alerts
- Changing how the car steers or accelerates
- Accessing private vehicle data
“This isn’t just about unlocking a car. It’s about taking control of it,” said researcher Thomas Imbert.
What Tesla Owners Should Do:
- Update Now: Make sure your car is running firmware version 2024.14 or later.
- Check Your Settings: Go to Software on the touchscreen and tap Install Update if available.
- Avoid Public Wi-Fi: Don’t connect your vehicle to untrusted networks.
- Enable Security Alerts: Turn on Tesla notifications to stay updated.
As vehicles become more connected, their security risks grow. Tesla owners are urged to stay current with updates and follow best practices to protect their cars from future threats.
Leave A Comment