CVE-2025-8321
CVE-2025-8321 is a medium-severity vulnerability in Tesla Wall Connector Firmware with a CVSS 3.x base score of 6.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-1328.
Key facts
- Severity: Medium (CVSS 3.x base score 6.8)
- EPSS exploit prediction: 0% (29th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-23137
- Weakness: CWE-1328
- Affected product: Tesla Wall Connector Firmware
- Published:
- Last modified:
Description
Tesla Wall Connector Firmware Downgrade Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Tesla Wall Connector devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware upgrade feature. The issue results from the lack of an anti-downgrade mechanism. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the device. Was ZDI-CAN-26299.
Frequently asked questions
- What is CVE-2025-8321?
- Tesla Wall Connector Firmware Downgrade Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Tesla Wall Connector devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware upgrade feature. The issue results from the lack of an anti-downgrade mechanism. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the device. Was ZDI-CAN-26299.
- How severe is CVE-2025-8321?
- CVE-2025-8321 has a CVSS 3.x base score of 6.8, rated medium severity. It is exploitable over physical access with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2025-8321 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (29th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2025-8321?
- CVE-2025-8321 affects Tesla Wall Connector Firmware. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2025-8321?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-8321 have an EU (EUVD) identifier?
- Yes. CVE-2025-8321 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-23137.
- When was CVE-2025-8321 published?
- CVE-2025-8321 was published on 2025-07-30 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:o:tesla:wall_connector_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Tesla Wall Connector Firmware
- CVE-2025-8320 — High (CVSS 8.8): Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability. This…
All CVEs affecting Tesla Wall Connector Firmware →
Other CWE-1328 vulnerabilities
- CVE-2025-5825 — High (CVSS 7.5): Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerability…
- CVE-2024-13870 — Medium (CVSS 5.7): An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that…
- CVE-2025-29989 — Low (CVSS 3.1): Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. A high privileged…