CVE-2025-5829

6.8 MEDIUM

📋 TL;DR

This vulnerability allows a physically present attacker to execute arbitrary code on Autel MaxiCharger AC Wallbox Commercial EV chargers by triggering a stack-based buffer overflow in the device's JSON message handling. No authentication is required, so an attacker with physical access can potentially take full control of an affected charging station.

💻 Affected Systems

Products:
  • Autel MaxiCharger AC Wallbox Commercial EV Chargers
Versions: Specific vulnerable versions not specified in advisory
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations appear vulnerable. Physical access to the charging station is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device compromise allowing an attacker to disable charging functionality, manipulate billing data, access connected vehicle data, or use the device as a foothold into connected networks.

🟠 Likely Case: Device disruption causing charging service outages, potential data theft from connected vehicles, or installation of persistent malware on charging infrastructure.

🟢 If Mitigated: Limited impact if devices are physically secured and network-isolated, though the buffer overflow could still cause device crashes.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires physical access to the charging station and knowledge of the JSON message structure. No authentication bypass needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: Not provided in available references

Restart Required: No

Instructions:

1. Monitor Autel security advisories for patch availability
2. Apply firmware updates when released
3. Follow vendor's specific update procedures for EV charging equipment

🔧 Temporary Workarounds

Physical Access Restriction (applies to: all)

Restrict physical access to charging stations to authorized personnel only.

Network Segmentation (applies to: all)

Isolate EV charging stations on separate network segments with strict firewall rules.

🧯 If You Can't Patch

  • Implement strict physical security controls around charging stations
  • Deploy network monitoring for unusual traffic patterns from charging stations

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against vendor's vulnerability list when available

Check Version:

Check through the device management interface or the physical display; no specific command is provided.

Verify Fix Applied:

Verify firmware version has been updated to patched version specified by vendor

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed JSON parsing attempts
  • Device crash/restart events
  • Unusual network traffic from charging station

Network Indicators:

  • Unusual JSON payloads to charging station management ports
  • Traffic patterns indicating buffer overflow attempts

SIEM Query:

source="ev_charger" AND (event_type="crash" OR event_type="buffer_overflow" OR json_parse_errors > threshold)
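As an added illustration (not code from the advisory or any vendor tooling), the script below applies the same rule as the SIEM query above to newline-delimited JSON log lines: it flags a charger on any crash/restart event, or when its count of JSON parse errors exceeds a threshold. The sample lines, the field names `source`, `device` and `event_type`, the event names and the threshold are constructed assumptions, not a documented Autel log format.

```python
import json
from collections import defaultdict

# Constructed sample events (not vendor logs); field names are assumptions.
SAMPLE_LOGS = """\
{"source": "ev_charger", "device": "charger-01", "event_type": "json_parse_error"}
{"source": "ev_charger", "device": "charger-01", "event_type": "json_parse_error"}
{"source": "ev_charger", "device": "charger-01", "event_type": "json_parse_error"}
{"source": "ev_charger", "device": "charger-01", "event_type": "json_parse_error"}
{"source": "ev_charger", "device": "charger-02", "event_type": "session_start"}
{"source": "ev_charger", "device": "charger-02", "event_type": "crash"}
{"source": "ev_charger", "device": "charger-03", "event_type": "json_parse_error"}
{"source": "gateway", "device": "gw-01", "event_type": "crash"}
not-json-garbage
"""

CRASH_EVENTS = {"crash", "restart", "buffer_overflow"}


def parse_events(text):
    """Parse newline-delimited JSON, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # collector noise, not a charger event
    return events


def detect(events, threshold=3):
    """Return {device: [reasons]} for chargers matching the SIEM rule:
    any crash/restart/buffer_overflow event, or more than `threshold` JSON parse errors."""
    parse_errors = defaultdict(int)
    crashes = defaultdict(list)
    for ev in events:
        if ev.get("source") != "ev_charger":
            continue  # the rule is scoped to charger sources only
        dev, etype = ev.get("device", "unknown"), ev.get("event_type")
        if etype == "json_parse_error":
            parse_errors[dev] += 1
        elif etype in CRASH_EVENTS:
            crashes[dev].append(etype)
    alerts = {}
    for dev, types in crashes.items():
        alerts.setdefault(dev, []).append(f"{len(types)} crash/restart event(s)")
    for dev, n in parse_errors.items():
        if n > threshold:
            alerts.setdefault(dev, []).append(f"{n} JSON parse errors (> {threshold})")
    return alerts
```

With the constructed sample, charger-01 is flagged for exceeding the parse-error threshold and charger-02 for its crash event; the gateway crash is ignored because the rule is scoped to the `ev_charger` source.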
