CVE-2025-32060
CWE-347Published: February 15, 2026· Updated: Feb 18, 2026
Official Description
The system suffers from the absence of a kernel module signature verification. If an attacker can execute commands on behalf of root user (due to additional vulnerabilities), then he/she is also able to load custom kernel modules to the kernel space and execute code in the kernel context. Such a flaw can lead to taking control over the entire system.
First identified on Nissan Leaf ZE1 manufactured in 2020.
Technical Analysis
CVE-2025-32060 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires high privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 6.7.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
All References (3)
Quick Facts
Related CVEs (CWE-347)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2025-32060 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts