Audi has been identified as shipping vehicles (up to at least 2024) with outdated and vulnerable software components, such as FreeImage, which lacks active maintenance and contains well-documented security flaws. These vulnerabilities expose connected cars to potential remote exploits, data breaches, and system takeovers via compromised firmware or third-party APIs. The insecure software violates the intent of UNECE R155 (cybersecurity type approval) but persists due to weak enforcement and a disconnect between regulatory compliance and practical implementation. Attackers could exploit these flaws to manipulate critical vehicle systems (e.g., brakes, steering via CAN bus), exfiltrate sensitive driver data (location history, behavior patterns stored in cloud systems), or deploy over-the-air (OTA) malware updates affecting entire fleets. The systemic neglect of security standards—despite legal frameworks like GDPR and ISO/SAE 21434—undermines consumer trust and leaves drivers exposed to large-scale cyber-physical attacks, including scenarios where vehicle control could be hijacked, endangering lives and organizational liability.