Login Sign Up

CVE-2025-5747

8.0 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability allows network-adjacent attackers with authentication to execute arbitrary code on WOLFBOX Level 2 EV Charger devices by exploiting improper command frame parsing in the MCU. The flaw enables remote code execution when combined with other vulnerabilities, potentially compromising charger functionality and security. Only authenticated attackers on the same network can exploit this vulnerability.

💻 Affected Systems

Products:
  • WOLFBOX Level 2 EV Charger
Versions: Specific versions not disclosed in advisory
Operating Systems: Embedded MCU firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires network adjacency and authentication. Exact firmware versions affected not specified in available references.

📦 What is this software?

Level 2 Ev Charger Firmware by Wolfbox

View all CVEs affecting Level 2 Ev Charger Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to disable charging, manipulate billing data, access connected vehicle networks, or use the charger as an entry point to other network systems.

🟠

Likely Case

Disruption of charging services, unauthorized access to charger settings, or data exfiltration from the device.

🟢

If Mitigated

Limited impact due to authentication requirements and network segmentation, potentially only affecting charger availability.

🌐 Internet-Facing: LOW (requires network adjacency and authentication)
🏢 Internal Only: MEDIUM (requires authentication but could impact critical charging infrastructure)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authentication and network adjacency. The advisory mentions leveraging with other vulnerabilities for RCE.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Monitor vendor website for firmware updates and apply when released.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate EV chargers on dedicated network segments with strict access controls

Authentication Hardening

all

Implement strong authentication mechanisms and limit administrative access

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate chargers from critical systems
  • Monitor network traffic to/from chargers for anomalous command patterns

🔍 How to Verify

Check if Vulnerable:

Check device model and firmware version against vendor advisory when available

Check Version:

Check via charger management interface or vendor documentation

Verify Fix Applied:

Verify firmware version matches patched version from vendor when available

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts
  • Abnormal command frame patterns
  • MCU error messages

Network Indicators:

  • Malformed network packets to charger management ports
  • Unusual traffic patterns to charger IPs

SIEM Query:

source_ip IN (charger_ips) AND (protocol_anomaly OR auth_failure OR command_parsing_error)

📊 Metadata

CVE ID: CVE-2025-5747
CVSS v3 Score: 8.0 (HIGH)
CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-115
EPSS Score: 0.13% exploit probability (32.9th percentile)
Published: June 6, 2025
Last Updated: August 14, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-5747, you might also want to check these:

CVE-2020-27846 9.8

CVE-2020-27846 is a signature verification vulnerability in the crewjam/saml library that allows att...

Same vulnerability type (CWE-115)
CVE-2020-29509 9.8

This vulnerability in Go's encoding/xml package allows attackers to craft XML inputs that behave inc...

Same vulnerability type (CWE-115)
CVE-2020-29511 9.8

This vulnerability in Go's encoding/xml package allows attackers to craft XML inputs that behave inc...

Same vulnerability type (CWE-115)