CVE-2025-5827

Q: What is the severity of CVE-2025-5827?

CVE-2025-5827 has a CVSS score of 8.8 (HIGH). A stack-based buffer overflow in the ble_process_esp32_msg function of Autel MaxiCharger AC Wallbox Commercial EV chargers allows network-adjacent attackers to execute arbitrary code without authentication. This vulnerability affects EV charging stations that use the vulnerable firmware. Attackers can gain full control of the charger device.

8.8 HIGH

Remote Code Execution Buffer Overflow

📋 TL;DR

A stack-based buffer overflow in the ble_process_esp32_msg function of Autel MaxiCharger AC Wallbox Commercial EV chargers allows network-adjacent attackers to execute arbitrary code without authentication. This vulnerability affects EV charging stations that use the vulnerable firmware. Attackers can gain full control of the charger device.

💻 Affected Systems

Products:

Autel MaxiCharger AC Wallbox Commercial EV Charger

Versions: Specific vulnerable versions not publicly detailed in advisory

Operating Systems: Embedded firmware on ESP32 microcontroller

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is in the BLE (Bluetooth Low Energy) processing component. All devices with the vulnerable firmware are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover allowing attackers to disable charging, manipulate billing, access connected vehicle data, or use the device as a foothold into the network.

🟠

Likely Case

Device compromise leading to service disruption, unauthorized access to charging functions, or data exfiltration from the device.

🟢

If Mitigated

Limited impact if network segmentation prevents adjacent access, but device remains vulnerable to local attackers.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires network adjacency (Bluetooth range) and knowledge of the BLE communication protocol. No authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: Not provided in available references

Restart Required: Yes

Instructions:

1. Contact Autel for firmware update availability. 2. Download official firmware from Autel support. 3. Apply update following manufacturer instructions. 4. Verify successful update.

🔧 Temporary Workarounds

Disable BLE if not required

all

Turn off Bluetooth Low Energy functionality if not needed for operations

Manufacturer-specific configuration command not publicly available

Network segmentation

all

Isolate EV chargers on separate network segments with strict access controls

🧯 If You Can't Patch

Physically restrict access to charging area to prevent Bluetooth proximity attacks
Implement continuous monitoring for unusual BLE traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check firmware version against vendor advisory when available. Currently, assume all devices are vulnerable until patched.

Check Version:

Manufacturer-specific command not publicly documented

Verify Fix Applied:

Verify firmware version matches patched version from vendor advisory

📡 Detection & Monitoring

Log Indicators:

Unusual BLE connection attempts
Firmware crash logs
Unexpected device reboots

Network Indicators:

Abnormal BLE traffic patterns
Multiple failed BLE connection attempts from single source

SIEM Query:

Not applicable - embedded device logs typically not integrated into SIEM

📊 Metadata

CVE ID: CVE-2025-5827

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

EPSS Score: 0.06% exploit probability (19.6th percentile)

Published: June 25, 2025

Last Updated: September 10, 2025

🔗 References

https://www.zerodayinitiative.com/advisories/ZDI-25-346/ Third Party Advisory