CVE-2025-5824
BaseFortify
Publication date: 2025-06-25
Last updated on: 2025-09-10
Assigner: Zero Day Initiative
Description
Affected Vendors & Products
| Vendor | Product | Affected versions (upper bound exclusive) |
|---|---|---|
| autel | maxicharger_ac_elite_business_c50_firmware | < 1.39.51 |
| autel | maxicharger_ac_elite_business_c50_firmware | < 1.56.51 |
| autel | maxicharger_ac_elite_business_c50 | * (all) |
| autel | maxicharger_ac_pro_firmware | < 1.39.51 |
| autel | maxicharger_ac_pro_firmware | < 1.56.51 |
| autel | maxicharger_ac_pro | * (all) |
| autel | maxicharger_ac_ultra_firmware | < 1.39.51 |
| autel | maxicharger_ac_ultra_firmware | < 1.56.51 |
| autel | maxicharger_ac_ultra | * (all) |
| autel | maxicharger_dc_compact_mobile_firmware | < 1.39.51 |
| autel | maxicharger_dc_compact_mobile_firmware | < 1.56.51 |
| autel | maxicharger_dc_compact_mobile | * (all) |
| autel | maxicharger_dc_compact_pedestal_firmware | < 1.39.51 |
| autel | maxicharger_dc_compact_pedestal_firmware | < 1.56.51 |
| autel | maxicharger_dc_compact_pedestal | * (all) |
| autel | maxicharger_dc_fast_firmware | < 1.39.51 |
| autel | maxicharger_dc_fast_firmware | < 1.56.51 |
| autel | maxicharger_dc_fast | * (all) |
| autel | maxicharger_dc_hipower_firmware | < 1.39.51 |
| autel | maxicharger_dc_hipower_firmware | < 1.56.51 |
| autel | maxicharger_dc_hipower | * (all) |
| autel | maxicharger_dh480_firmware | < 1.39.51 |
| autel | maxicharger_dh480_firmware | < 1.56.51 |
| autel | maxicharger_dh480 | * (all) |
| autel | maxicharger_single_charger_firmware | < 1.39.51 |
| autel | maxicharger_single_charger_firmware | < 1.56.51 |
| autel | maxicharger_single_charger | * (all) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5824 is an authentication bypass in the Autel MaxiCharger AC Wallbox Commercial, classified as CWE-346 (origin validation error). The charger does not properly verify where Bluetooth pairing commands come from, so completing a pairing is effectively treated as authorization. An attacker within Bluetooth range who pairs a device of their own with the charger can use that pairing to bypass authentication and issue commands the charger should have rejected. [1]
How can this vulnerability impact me?
The attacker needs adjacent access, meaning Bluetooth radio range of the charger, and the ability to pair a malicious device; no credentials are needed beyond that. A successful bypass gives unauthorized access to the charger's command interface, with consequences for confidentiality, integrity and availability of the unit, although the impact is rated low. [1]
What immediate steps should I take to mitigate this vulnerability?
The fix is a firmware update: move affected chargers to a version at or above the exclusive upper bounds listed in the affected-products table (1.39.51 and 1.56.51 appear there; the applicable one depends on the firmware line of your unit). Until the update is applied, reduce who can reach the Bluetooth interface: disable Bluetooth outside commissioning windows where the device allows it, and limit physical proximity to the charger. Note that "restrict pairing to trusted devices" is not a control you can apply from the client side here, because the component that should enforce the origin check is the charger itself, and that check is what is broken. Radio and physical restrictions are therefore compensating controls only; patching is the real remediation. [1]
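The Q&A above describes the failure in words: a pairing that completes is treated as proof of who is talking. The following is an added example, not Autel's firmware and not code from this page, modelling a charger-side Bluetooth command dispatcher in C so the CWE-346 mistake and the hardened check can be compared. Every name (`connect_peer`, `handle_cmd_vulnerable`, `handle_cmd_hardened`, the command IDs, the link and owner bookkeeping) and both Bluetooth addresses are constructed for illustration. The `authenticated` flag stands in for a link encrypted with a key from an MITM-protected bonding; a bare address is deliberately not accepted as an origin proof, because it can be spoofed over the air.

```c
/* Added example (hypothetical model, not Autel firmware): CWE-346 in a
 * Bluetooth command dispatcher, vulnerable and hardened side by side. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LINKS 4
#define BDADDR_LEN 6

enum cmd { CMD_STATUS = 0x01, CMD_START_CHARGE = 0x10, CMD_SET_CONFIG = 0x20 };

struct link {
    bool in_use;
    uint8_t peer[BDADDR_LEN];
    bool authenticated;   /* link keyed by an MITM-protected (not Just Works) bonding */
};

struct charger {
    struct link links[MAX_LINKS];
    uint8_t owner[BDADDR_LEN];   /* identity bonded during commissioning */
    bool has_owner;
};

/* Open a link for 'peer'. Returns the link index, or -1 when no slot is free. */
static int connect_peer(struct charger *c, const uint8_t peer[BDADDR_LEN], bool authenticated)
{
    for (int i = 0; i < MAX_LINKS; i++) {
        if (!c->links[i].in_use) {
            c->links[i].in_use = true;
            memcpy(c->links[i].peer, peer, BDADDR_LEN);
            c->links[i].authenticated = authenticated;
            return i;
        }
    }
    return -1;
}

static bool is_privileged(enum cmd cmd) { return cmd != CMD_STATUS; }

/* Vulnerable: "a pairing completed on this link" is taken as authorization.
 * Any peer that finishes pairing, including a Just Works pairing from an
 * attacker-chosen address, may issue privileged commands. */
bool handle_cmd_vulnerable(const struct charger *c, int link, enum cmd cmd)
{
    (void)cmd;
    return link >= 0 && link < MAX_LINKS && c->links[link].in_use;
}

/* Hardened: privileged commands are bound to their origin. The link must be
 * keyed by an authenticated bonding AND that bonded identity must be the
 * commissioned owner. The address check alone would not be an origin check. */
bool handle_cmd_hardened(const struct charger *c, int link, enum cmd cmd)
{
    if (link < 0 || link >= MAX_LINKS || !c->links[link].in_use)
        return false;
    if (!is_privileged(cmd))
        return true;
    const struct link *l = &c->links[link];
    return l->authenticated && c->has_owner &&
           memcmp(l->peer, c->owner, BDADDR_LEN) == 0;
}

/* Constructed addresses for the scenarios below. */
static const uint8_t OWNER_ADDR[BDADDR_LEN]    = {0xC0, 0xFF, 0xEE, 0x00, 0x00, 0x01};
static const uint8_t ATTACKER_ADDR[BDADDR_LEN] = {0xDE, 0xAD, 0xBE, 0xEF, 0x00, 0x02};

/* Commission a charger with OWNER_ADDR bonded, then connect 'peer' and send
 * CMD_SET_CONFIG through the chosen dispatcher. True = command accepted. */
static bool run_scenario(bool hardened, const uint8_t peer[BDADDR_LEN], bool authenticated)
{
    struct charger c;
    memset(&c, 0, sizeof c);
    memcpy(c.owner, OWNER_ADDR, BDADDR_LEN);
    c.has_owner = true;
    int link = connect_peer(&c, peer, authenticated);
    return hardened ? handle_cmd_hardened(&c, link, CMD_SET_CONFIG)
                    : handle_cmd_vulnerable(&c, link, CMD_SET_CONFIG);
}

/* Attacker pairs a fresh device via Just Works (unauthenticated). */
bool attacker_accepted(bool hardened) { return run_scenario(hardened, ATTACKER_ADDR, false); }

/* Attacker spoofs the owner's address but cannot produce the bonding key. */
bool spoofed_owner_accepted(bool hardened) { return run_scenario(hardened, OWNER_ADDR, false); }

/* The real owner reconnects over a link keyed by its authenticated bonding. */
bool owner_accepted(bool hardened) { return run_scenario(hardened, OWNER_ADDR, true); }

int main(void)
{
    printf("attacker, vulnerable dispatcher: %s\n", attacker_accepted(false) ? "ACCEPTED" : "rejected");
    printf("attacker, hardened dispatcher:   %s\n", attacker_accepted(true) ? "ACCEPTED" : "rejected");
    printf("spoofed owner, hardened:         %s\n", spoofed_owner_accepted(true) ? "ACCEPTED" : "rejected");
    printf("owner, hardened:                 %s\n", owner_accepted(true) ? "ACCEPTED" : "rejected");
    return 0;
}
```

The design point is that the vulnerable dispatcher asks "did a pairing happen on this link?" while the hardened one asks "is this link cryptographically the commissioned owner?". Tying authorization to the authenticated bonding identity rather than to the pairing event is what closes an origin-validation gap of this kind; the third scenario shows why the address on its own is not enough.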