CVE-2025-5747
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-08-14
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfbox | level_2_ev_charger_firmware | 3.1.17 |
| wolfbox | level_2_ev_charger | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-115 | The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the WOLFBOX Level 2 EV Charger devices, specifically in the microcontroller unit's (MCU) command frame parsing logic. The MCU does not properly detect the start of a command frame, which causes it to misinterpret input data. An attacker who is network-adjacent and has authentication can exploit this flaw, potentially in combination with other vulnerabilities, to execute arbitrary code on the device. [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability can allow an attacker to execute arbitrary code on the affected WOLFBOX Level 2 EV Charger device. This can lead to a high impact on the device's confidentiality, integrity, and availability, potentially allowing unauthorized control, data manipulation, or disruption of the device's operation. [1]
What immediate steps should I take to mitigate this vulnerability?
Since exploitation requires authentication and network adjacency, immediate mitigation steps include restricting network access to the WOLFBOX Level 2 EV Charger devices to trusted users only, enforcing strong authentication controls, and monitoring for any suspicious activity. Additionally, consider isolating the devices on a separate network segment to reduce exposure. No official patches or remediation from WOLFBOX are available as attempts to contact them were unsuccessful. [1]