Title: Over 1,300 TeslaMate Servers Exposed, Leaking Sensitive Vehicle Data
Summary: A security researcher has found over 1,300 publicly exposed TeslaMate servers that are leaking sensitive data about Tesla vehicles, including location histories. The servers, run by Tesla owners, were likely made public by mistake, allowing anyone to access the data without a password. The researcher urges TeslaMate users to secure their dashboards by enabling authentication to prevent public access.
A security researcher has discovered over 1,300 publicly exposed TeslaMate servers that are inadvertently sharing sensitive data about Tesla vehicles, including location histories. These servers, run by Tesla owners, were likely made public by mistake, allowing anyone to access the data without a password [1].
Seyfullah Kiliç, founder of the cybersecurity company SwordSec, found these exposed servers by scanning the internet for public-facing TeslaMate dashboards. TeslaMate is an open-source data logger that lets Tesla owners self-host and visualize their vehicle’s data on their own hardware: temperature, battery health, charging sessions, and more sensitive information such as vehicle speed and recent trip locations [1].
Kiliç plotted the vehicles’ locations on a map to demonstrate the extent of the data leakage. He noted that without basic authentication or firewall rules, sensitive data can easily leak [1]. The issue is not new, but it has significantly worsened since 2022, when a security researcher found dozens of public TeslaMate dashboards exposed to the web [1].
TeslaMate's founder, Adrian Kumpf, acknowledged the problem in 2022 and released a bug fix aimed at protecting against public access to customers’ dashboards. However, he warned that the project could not protect against users accidentally exposing their TeslaMate servers to the internet [1]. Kiliç emphasized the importance of enabling authentication on servers to prevent public access [1].
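The two mistakes the article describes, a dashboard that answers without a login and a service port published to the whole internet instead of the local machine, can both be caught by reading the deployment's docker-compose file before the stack goes live. The script below is an added self-audit example written for this page; it is not TeslaMate's own code or configuration. It assumes a compose layout with `teslamate`, `grafana` and `database` services (names chosen here, not copied from the project) and checks three things: Grafana's standard `GF_AUTH_ANONYMOUS_ENABLED` setting, a `GF_SECURITY_ADMIN_PASSWORD` left at Grafana's default `admin`, and short-syntax port mappings that bind every interface rather than loopback.

```python
"""Audit a docker-compose file for the settings that turn a self-hosted
TeslaMate into a public dashboard: anonymous Grafana access, a default
admin password, and ports published on all interfaces.
Added example for this article; not TeslaMate project code."""
import re
from dataclasses import dataclass

# Constructed sample compose file (service names are assumptions).
SAMPLE_COMPOSE = """\
services:
  teslamate:
    image: teslamate/teslamate:latest
    ports:
      - 4000:4000
  grafana:
    image: teslamate/grafana:latest
    environment:
      - GF_AUTH_ANONYMOUS_ENABLED=true
      - GF_SECURITY_ADMIN_PASSWORD=admin
    ports:
      - "3000:3000"
  database:
    image: postgres:16
    ports:
      - "127.0.0.1:5432:5432"
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


@dataclass(frozen=True)
class Finding:
    service: str
    kind: str      # "public_port", "anonymous_auth" or "default_password"
    detail: str


def port_is_public(spec: str) -> bool:
    """Short-syntax port mapping. 'HOST:CONTAINER' and a bare 'CONTAINER'
    bind 0.0.0.0; only 'IP:HOST:CONTAINER' with a loopback IP stays local."""
    parts = spec.split("/")[0].rsplit(":", 2)   # drop '/tcp', keep '[::1]' intact
    if len(parts) == 3:
        return parts[0].strip("[]") not in LOOPBACK
    return True


def audit_compose(text: str) -> list[Finding]:
    """Line-oriented scan of the compose file (no YAML library needed for the
    two-space indented layout used above). Returns one Finding per problem."""
    findings: list[Finding] = []
    top = service = section = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        item = raw.strip()
        if indent == 0:                                   # top-level key
            top = item[:-1] if item.endswith(":") else None
            service = section = None
        elif indent == 2 and top == "services" and item.endswith(":"):
            service, section = item[:-1], None            # service name
        elif indent == 4:                                 # key under a service
            section = item[:-1] if item.endswith(":") else None
        elif indent >= 6 and service and section == "ports" and item.startswith("-"):
            spec = item[1:].strip().strip("\"'")
            if port_is_public(spec):
                findings.append(Finding(service, "public_port",
                    f"{spec!r} listens on every interface; use 127.0.0.1:HOST:CONTAINER "
                    "or remove the mapping and reach it through a reverse proxy"))
        elif indent >= 6 and service and section == "environment":
            kv = item[1:].strip() if item.startswith("-") else item   # list or map form
            key, _, value = kv.partition("=" if "=" in kv else ":")
            key, value = key.strip(), value.strip().strip("\"'")
            if key == "GF_AUTH_ANONYMOUS_ENABLED" and value.lower() == "true":
                findings.append(Finding(service, "anonymous_auth",
                    "Grafana serves dashboards without a login; set it to false"))
            elif key == "GF_SECURITY_ADMIN_PASSWORD" and value.lower() == "admin":
                findings.append(Finding(service, "default_password",
                    "Grafana admin password is the stock default; choose a strong one"))
    return findings


if __name__ == "__main__":
    for f in audit_compose(SAMPLE_COMPOSE):
        print(f"[{f.kind}] {f.service}: {f.detail}")
```

Run against the constructed sample, the audit reports four findings: the TeslaMate web port and the Grafana port are both published on all interfaces, Grafana allows anonymous viewing, and its admin password is the default. One caveat worth knowing when the fix is "just add a firewall rule": on Linux, a port published by Docker is opened through Docker's own iptables chain, ahead of host-level rules such as ufw, so binding to 127.0.0.1 (or not publishing the port at all) is the reliable way to keep the dashboard off the internet.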
The security researcher’s findings highlight the growing risk of data exposure through self-hosted applications. Organizations and individuals should prioritize securing their servers and data, especially when dealing with sensitive information. European organizations are particularly at risk, especially those relying on the bobbingwide oik software, which has a recently discovered high-severity reflected Cross-Site Scripting (XSS) vulnerability [2].
References:
[1] https://techcrunch.com/2025/08/26/security-researcher-maps-hundreds-of-teslamate-servers-spilling-tesla-vehicle-data/
[2] https://radar.offseq.com/threat/cve-2025-54670-cwe-79-improper-neutralization-of-i-b951e1ca