CVE-2025-12143 is a stack-based buffer overflow vulnerability identified in ABB Terra AC wallbox devices, specifically affecting firmware versions up to 1.8.33. The vulnerability is classified under CWE-121, indicating improper handling of buffer boundaries on the stack, which can lead to memory corruption. The flaw requires an attacker to have high-level privileges and authenticated access to the device, but no user interaction is necessary. Exploitation could allow an attacker to overwrite critical memory regions, potentially causing denial of service or arbitrary code execution, impacting the device's integrity and availability. The CVSS 4.0 vector (AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:D/RE:L) reflects that the attack vector is adjacent network, with low attack complexity, no attack or user interaction needed, and significant impact on integrity and availability. No known exploits have been reported in the wild, and no official patches have been released yet. ABB is the vendor responsible for the product, and the vulnerability was reserved in late October 2025 and published in late November 2025. The Terra AC wallbox is a widely deployed electric vehicle charging station, making this vulnerability relevant for organizations managing EV infrastructure.

For European organizations, the impact of CVE-2025-12143 could be significant, particularly for those operating electric vehicle charging infrastructure using ABB Terra AC wallboxes. Successful exploitation could disrupt charging services, leading to denial of service and operational downtime, which can affect business continuity and customer satisfaction. Moreover, if exploited for arbitrary code execution, attackers might pivot into broader network segments, threatening confidentiality and integrity of connected systems. Critical infrastructure operators, commercial EV charging networks, and public charging stations are at risk. The disruption could also have cascading effects on energy management and smart grid operations. Given the medium severity and the requirement for high privileges, the threat is more relevant to insiders or attackers who have already gained elevated access, but the potential for damage remains substantial.

To mitigate CVE-2025-12143, European organizations should immediately restrict access to ABB Terra AC wallbox management interfaces to trusted personnel and networks only, employing network segmentation and strong access controls. Implement multi-factor authentication for all administrative access to reduce the risk of privilege escalation. Monitor device logs and network traffic for unusual activity indicative of exploitation attempts, such as unexpected crashes or memory errors. Disable any unnecessary services or interfaces on the wallbox to reduce the attack surface. Prepare to deploy vendor patches promptly once available, and maintain an inventory of affected devices to prioritize updates. Additionally, consider deploying intrusion detection systems tailored to detect buffer overflow exploitation patterns. Conduct regular security assessments and penetration testing focused on EV charging infrastructure to identify and remediate vulnerabilities proactively.