FKFS Events

2026 Stuttgart International Symposium
on Automotive and Powertrain Technology

July 8-9, 2026

Session: Data Science & AI #2 | 17:15 - 17:45

A Framework for Automating Cybersecurity Fuzz Testing of Automotive ECUs in Hardware-in-the Loop Environments

Amr Elgamal, RWTH Aachen University

Cybersecurity is crucial throughout the lifecycle of automotive Electronic Control Units (ECUs) and must be addressed in accordance with standards like ISO/SAE 21434. While fuzzing is a key technique for detecting security flaws by providing unexpected or random inputs, it has not been extensively applied within Hardware-in-the-Loop (HiL) testing environments—a standard practice for validating ECU functionality. Applying fuzzing at this stage is important, as HiL serves as the bridge between simulation and physical vehicle integration, allowing for the validation of real hardware behavior under reproducible conditions. This paper presents a framework for integrating fuzzing into HiL test benches to strengthen cybersecurity evaluation across automotive ECUs. A case study was performed on an ADAS ECU using the open-source fuzzing tool Caring Caribou on the Controller Area Network Flexible Data-rate (CAN-FD) network. The assessment identified vulnerabilities at both the protocol and application layers: the ECU accepted frames with incorrect Cyclic Redundancy Checks (CRC), and certain combinations of input signals produced undefined behavior, including unintended activation of Adaptive Cruise Control (ACC). These results demonstrate that incorporating fuzzing into HiL workflows provides an effective way to detect security-relevant protocol handling issues and system-level logic faults that may not be observed during conventional functional testing. Consequently, this approach facilitates the detection of vulnerabilities significantly earlier in the verification process.