CVE-2025-5517 in Terra AC Wallbox

Summary

by MITRE • 10/20/2025

Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (MID/ CE) -Terra AC MID, ABB Terra AC wallbox (MID/ CE) -Terra AC Juno CE, ABB Terra AC wallbox (MID/ CE) -Terra AC PTB, ABB Terra AC wallbox (JP). This issue affects Terra AC wallbox (UL40/80A): through 1.8.32; Terra AC wallbox (UL32A): through 1.8.2; Terra AC wallbox (MID/ CE) -Terra AC MID: through 1.8.32; Terra AC wallbox (MID/ CE) -Terra AC Juno CE: through 1.8.32; Terra AC wallbox (MID/ CE) -Terra AC PTB: through 1.8.21; Terra AC wallbox (JP): through 1.8.2.

Analysis

by VulDB Data Team • 10/21/2025

The heap-based buffer overflow vulnerability CVE-2025-5517 represents a critical security flaw affecting multiple variants of ABB Terra AC wallbox models including UL40/80A, UL32A, and various MID/CE configurations. This vulnerability resides within the firmware implementations of these electric vehicle charging stations, which are widely deployed across industrial and commercial environments for managing electrical power delivery to electric vehicles. The affected devices operate under firmware versions through 1.8.32 for most models, with specific variants having different maximum vulnerable versions as noted in the CVE description. The vulnerability stems from improper input validation and memory management practices within the wallbox firmware, particularly when processing data structures that exceed allocated buffer boundaries during runtime operations.

The technical exploitation of this heap-based buffer overflow occurs when the device receives malformed input data that triggers memory corruption in the heap memory region. This type of vulnerability falls under CWE-121, which specifically addresses buffer overflow conditions in heap memory structures, and aligns with ATT&CK technique T1059.007 for command and scripting interpreter usage in exploitation contexts. The flaw manifests when the firmware fails to properly bounds-check data inputs during processing of communication protocols or configuration parameters, allowing attackers to overwrite adjacent memory locations in the heap. This memory corruption can potentially lead to arbitrary code execution, system instability, or complete device compromise, as heap corruption often provides attackers with opportunities to manipulate program flow and gain unauthorized access to system resources.

The operational impact of this vulnerability extends beyond simple device malfunction, as these wallboxes are integral components in electric vehicle charging infrastructure that often operate in unattended environments with critical power delivery functions. The affected models are commonly deployed in commercial parking facilities, industrial complexes, and public charging networks where unauthorized access could result in service disruption, power system manipulation, or even physical safety risks due to compromised charging operations. Attackers exploiting this vulnerability could potentially gain persistent access to the device's control systems, enabling them to modify charging parameters, monitor electricity consumption data, or disrupt charging services for vehicles connected to these wallboxes. The vulnerability's presence across multiple firmware versions indicates a systemic flaw in the software development lifecycle of these devices, suggesting inadequate security testing and code review practices.

Mitigation strategies for CVE-2025-5517 should prioritize immediate firmware updates from ABB to address the heap overflow conditions in affected device models. Network segmentation and access controls should be implemented to limit exposure of these devices to untrusted networks, while monitoring systems should be deployed to detect anomalous behavior patterns that might indicate exploitation attempts. Security teams should conduct comprehensive vulnerability assessments of all deployed wallbox units to identify and remediate affected devices before potential exploitation occurs. The remediation process must include thorough testing of updated firmware versions to ensure that the buffer overflow conditions are properly resolved without introducing new functionality issues. Additionally, organizations should consider implementing device integrity monitoring solutions that can detect unauthorized firmware modifications or runtime anomalies that may indicate exploitation attempts, as these devices often lack robust security features that would prevent such memory corruption attacks from succeeding.
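One way to run the inventory check described above, as an added example that is not ABB's or VulDB's code: it compares each unit's firmware numerically against the "through" versions from the summary, since plain string comparison misorders versions such as 1.8.4 and 1.8.21. The short model labels, the CSV layout and the sample serial numbers are constructed assumptions.

```python
import csv
import io

# "Affected through" versions copied from the CVE summary on this page.
# The short model labels used as keys are assumed for this example.
AFFECTED_THROUGH = {
    "UL40/80A": "1.8.32", "UL32A": "1.8.2", "MID": "1.8.32",
    "JUNO CE": "1.8.32", "PTB": "1.8.21", "JP": "1.8.2",
}

# Constructed sample inventory (serials and layout are not from the page).
SAMPLE_INVENTORY = """serial,model,firmware
TAC-0001,UL40/80A,1.8.32
TAC-0002,UL40/80A,1.8.33
TAC-0003,PTB,1.8.4
TAC-0004,UL32A,1.8.10
TAC-0005,Juno CE,v1.8
TAC-0006,Terra DC,1.2.0
"""

def parse_version(text):
    """'1.8.21' -> (1, 8, 21); raises ValueError on non-numeric parts."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(model, firmware):
    """Return affected / not-listed / unknown-model / unknown-version."""
    limit = AFFECTED_THROUGH.get(model.strip().upper())
    if limit is None:
        return "unknown-model"        # not one of the six listed variants
    try:
        current = parse_version(firmware)
    except ValueError:
        return "unknown-version"      # needs manual review, never "safe"
    # Integer tuples compare numerically: (1, 8, 4) <= (1, 8, 21).
    return "affected" if current <= parse_version(limit) else "not-listed"

def audit(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["serial"]: classify(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for serial, status in audit(SAMPLE_INVENTORY).items():
        print(f"{serial}: {status}")
```

A "not-listed" result only means the version is above the range stated in the summary; whether that release contains the fix has to be confirmed against ABB's advisory.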

Responsible: ABB

Reservation: 06/03/2025

Disclosure: 10/20/2025

Moderation: accepted

CPE: ready

EPSS: 0.00044

KEV: no

Activities: very low
