CVE-2025-2082 PoC — Tesla Model 3 Input Validation Error Vulnerability

Source
Associated Vulnerability
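Title: Tesla Model 3 Input Validation Error Vulnerability (CVE-2025-2082)
Description: The Tesla Model 3 is an electric vehicle made by the American company Tesla. The Tesla Model 3 has an input validation error vulnerability that stems from an integer overflow in the VCSEC module and may lead to remote code execution.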
Readme
# CVE-2025-2082 – Function Pointer Overwrite PoV (VCSEC-style)

This repository demonstrates a Proof of Vulnerability (PoV) simulating a critical memory corruption flaw inspired by [CVE-2025-2082](https://nvd.nist.gov/vuln/detail/CVE-2025-2082), discovered in Tesla's **VCSEC** (Vehicle Controller Security) component.

The vulnerability allows an attacker to overwrite a **function pointer** by exploiting a signed-to-unsigned integer conversion bug and improper memory bounds validation during a `memcpy()` operation.

---

## What This PoV Demonstrates

- How using a negative `startIndex` in a BLE message can cause memory to be written **before the start of a buffer**
- How that memory region may contain a critical **function pointer**
- How overwriting that pointer leads to arbitrary code execution
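
The bounds problem described in the list above, shown as an added example that is not code from this repository: a signed, upper-bound-only check next to a hardened one, using the struct layout from this README. The shape of the flawed check and the names `weak_check`, `strict_check`, `landing_offset` and `store_chunk` are assumptions made for illustration; the page only states that bounds validation before `memcpy()` is improper.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CERT_BUF_SIZE 1024

struct VCSEC {
    void (*func_ptr)(void);               /* sits directly before the buffer */
    uint8_t g_cert_buffer[CERT_BUF_SIZE];
};

/* Assumed flawed check: signed arithmetic, upper bound only. */
static bool weak_check(int32_t start_index, int32_t len) {
    return (int64_t)start_index + len <= CERT_BUF_SIZE;
}

/* Hardened check: reject negatives first, then compare without overflow. */
static bool strict_check(int32_t start_index, int32_t len) {
    if (start_index < 0 || len < 0) return false;
    if (start_index > CERT_BUF_SIZE) return false;
    return len <= CERT_BUF_SIZE - start_index;
}

/* Struct offset at which a write to g_cert_buffer[start_index] would begin. */
static long landing_offset(int32_t start_index) {
    return (long)offsetof(struct VCSEC, g_cert_buffer) + start_index;
}

/* Copy one chunk only when the hardened check passes; -1 means rejected. */
static int store_chunk(struct VCSEC *v, int32_t start_index,
                       const uint8_t *data, int32_t len) {
    if (!strict_check(start_index, len)) return -1;
    memcpy(v->g_cert_buffer + start_index, data, (size_t)len);
    return 0;
}

int main(void) {
    /* Constructed sample: a chunk whose index points just before the buffer. */
    int32_t idx = -(int32_t)offsetof(struct VCSEC, g_cert_buffer), len = 8;
    printf("weak=%d strict=%d lands at struct offset %ld\n",
           weak_check(idx, len), strict_check(idx, len), landing_offset(idx));
    return 0;
}
```

The weak check accepts the negative index because the sum stays below the buffer size, while the hardened check rejects it before any copy happens.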

---

## Structure of the C Code

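```c
#include <stdint.h>

// func_ptr is placed immediately before the buffer, so a write at a
// negative index into g_cert_buffer lands on the pointer.
struct VCSEC {
    void (*func_ptr)(void);          // Function pointer to be hijacked
    uint8_t g_cert_buffer[1024];     // Target buffer for certificate data
};
```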
File Snapshot

[4.0K] /data/pocs/71c19766b372183dbe97d397ab32a70ed7ac8d66
├── [   0] exploit.c
└── [1014] README.md

0 directories, 2 files