CVE-2023-28904

low-risk

Published 2025-06-28

A logic flaw leading to a RAM buffer overflow in the bootloader component of the MIB3 infotainment unit allows an attacker with physical access to the MIB3 ECU to bypass firmware signature verification and run arbitrary code in the infotainment system at boot process.

Do I need to act?

-

0.02% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

5

CVSS 5.2/10 Medium

PHYSICAL / LOW complexity

References (4)

https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainm...

https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf

https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infot...

https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf

23

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal