CVE-2025-5825 in MaxiCharger AC Wallbox Commercialinfo

Zusammenfassung

von MITRE • 25.06.2025

Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability.

The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a firmware image before using it to perform an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26354.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

06.06.2025

Veröffentlichung

25.06.2025

Moderieren

akzeptiert

Eintrag

VDB-312345

CPE

bereit

CWE

CWE-1328 (bestätigt)

CVSS

7.5 (CNA)

EPSS

0.00219

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-5825
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-5825
CVE Details	https://www.cvedetails.com/cve/CVE-2025-5825/

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!