CVE-2025-5749
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-08-14
Assigner: Zero Day Initiative
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfbox | level_2_ev_charger_firmware | 3.1.17 |
| wolfbox | level_2_ev_charger | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-457 | The code uses a variable that has not been initialized, leading to unpredictable or unintended results. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in WOLFBOX Level 2 EV Charger devices is due to an uninitialized variable used in handling cryptographic keys for vendor-specific encrypted BLE communications. Because the variable is not properly initialized, network-adjacent attackers can bypass authentication on the device without needing any privileges or user interaction. [1]
How can this vulnerability impact me?
An attacker who is on a network adjacent to the affected WOLFBOX Level 2 EV Charger device can bypass authentication, potentially gaining unauthorized access to the device. This can impact the confidentiality, integrity, and availability of the device and its communications. [1]
What immediate steps should I take to mitigate this vulnerability?
No remediation or patch from WOLFBOX is available, and attempts to contact the vendor were unsuccessful. Immediate mitigation steps therefore include restricting network access to the affected WOLFBOX Level 2 EV Charger devices, in particular limiting BLE communications to trusted devices only, and monitoring for unusual BLE activity. Additionally, consider isolating the devices on a separate network segment to reduce exposure to network-adjacent attackers. [1]