CVE-2025-5823
BaseFortify
Publication date: 2025-06-25
Last updated on: 2025-09-10
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| autel | maxicharger_ac_elite_business_c50_firmware | to 1.39.51 (exc) |
| autel | maxicharger_ac_elite_business_c50_firmware | to 1.56.51 (exc) |
| autel | maxicharger_ac_elite_business_c50 | * |
| autel | maxicharger_ac_pro_firmware | to 1.39.51 (exc) |
| autel | maxicharger_ac_pro_firmware | to 1.56.51 (exc) |
| autel | maxicharger_ac_pro | * |
| autel | maxicharger_ac_ultra_firmware | to 1.39.51 (exc) |
| autel | maxicharger_ac_ultra_firmware | to 1.56.51 (exc) |
| autel | maxicharger_ac_ultra | * |
| autel | maxicharger_dc_compact_mobile_firmware | to 1.39.51 (exc) |
| autel | maxicharger_dc_compact_mobile_firmware | to 1.56.51 (exc) |
| autel | maxicharger_dc_compact_mobile | * |
| autel | maxicharger_dc_compact_pedestal_firmware | to 1.39.51 (exc) |
| autel | maxicharger_dc_compact_pedestal_firmware | to 1.56.51 (exc) |
| autel | maxicharger_dc_compact_pedestal | * |
| autel | maxicharger_dc_fast_firmware | to 1.39.51 (exc) |
| autel | maxicharger_dc_fast_firmware | to 1.56.51 (exc) |
| autel | maxicharger_dc_fast | * |
| autel | maxicharger_dc_hipower_firmware | to 1.39.51 (exc) |
| autel | maxicharger_dc_hipower_firmware | to 1.56.51 (exc) |
| autel | maxicharger_dc_hipower | * |
| autel | maxicharger_dh480_firmware | to 1.39.51 (exc) |
| autel | maxicharger_dh480_firmware | to 1.56.51 (exc) |
| autel | maxicharger_dh480 | * |
| autel | maxicharger_single_charger_firmware | to 1.39.51 (exc) |
| autel | maxicharger_single_charger_firmware | to 1.56.51 (exc) |
| autel | maxicharger_single_charger | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-749 | The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5823 is an information disclosure vulnerability in the Autel MaxiCharger AC Wallbox Commercial electric vehicle chargers. It arises from an exposed dangerous method in the Autel Technician API implementation. An attacker with authentication can remotely exploit this flaw to disclose sensitive information such as commercial serial numbers and credentials, potentially leading to further compromise of the affected systems. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a remote attacker with authentication to disclose sensitive information like commercial serial numbers and credentials from your Autel MaxiCharger AC Wallbox Commercial EV chargers. This information disclosure can lead to further compromise of your installations, potentially exposing your systems to unauthorized access or other security risks. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that access to the Autel Technician API is strictly controlled and limited to authorized personnel only, as exploitation requires authentication with high privileges. Review and restrict API permissions to prevent exposure of dangerous methods. Additionally, monitor and audit API usage for any suspicious activity. Applying any available vendor patches or updates addressing this issue is also recommended. [1]