Considering that (correct me if I am wrong) there are around 160 possible private keys that can map to one single address
No. If that were the case, it would take less than a second to bruteforce. The security of P2SH is 160 bits. There are different attack vectors that you could try. If I wanted to generate
any collision, then I'd need to do 2^80 work to generate a different script that hashes to the same hash160 value.
An alternative would be: Attempting to grind a different script and get the same hash as your 3 of 3 multisig script ("
CHECKSIG"), then I could redeem it. This would require 2^159 work.
my question is, is it possible that a single private key could map to this multi signature address?
"When using p2sh, the script is given by the redeemer and then checked against a predetermined hash value."
I suggest reading up on how P2SH exactly works, as this is the result of a lack of understanding.
Source: Personal knowledge and a discussion with arubi.
Update: Danny beat me to it while I was still writing. I left the post as it adds some other information.