CVE-2025-12357: CWE-923 in ISO 15118-2 Network and Application Protocol Requirements EV Car Chargers
By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable wirelessly, within close proximity, via electromagnetic induction.
AI Analysis
Technical Summary
CVE-2025-12357 is a vulnerability classified under CWE-923 affecting the ISO 15118-2 standard, which defines network and application protocol requirements for EV car chargers. The flaw arises from the ability of an attacker to manipulate the Signal Level Attenuation Characterization (SLAC) protocol by injecting spoofed measurements. SLAC is used to establish secure communication channels between an EV and the charger by characterizing the physical layer signal attenuation. By spoofing these measurements, an attacker can position themselves as a man-in-the-middle (MitM), intercepting or altering communications between the vehicle and charger. The attack vector is notable because it can be executed wirelessly via electromagnetic induction, requiring only close physical proximity, and does not require prior authentication or user interaction. The vulnerability has a CVSS 3.1 base score of 8.3, indicating high severity, with a vector emphasizing low attack complexity, no privileges required, and no user interaction. The impact includes high confidentiality loss, limited integrity compromise, and high availability disruption, potentially allowing attackers to disrupt charging sessions or exfiltrate sensitive data exchanged during the charging process. Although no exploits are currently known in the wild, the vulnerability’s presence in a critical infrastructure component for EVs makes it a significant concern. The lack of available patches underscores the need for immediate mitigation strategies focused on protocol validation and physical security controls.
Potential Impact
For European organizations, this vulnerability threatens the confidentiality and availability of EV charging infrastructure communications. Given Europe’s aggressive push towards electric mobility and the widespread deployment of ISO 15118-2 compliant chargers, attackers could exploit this flaw to intercept sensitive data such as authentication credentials or billing information, or disrupt charging services causing operational downtime. Critical infrastructure operators, fleet management companies, and public charging networks could face service interruptions, reputational damage, and financial losses. The wireless nature of the attack means that attackers only need close proximity, increasing the risk in public or semi-public charging locations. Disruption of EV charging could also hinder broader environmental and energy transition goals in Europe. Additionally, compromised chargers could be leveraged as entry points for further network intrusions if connected to enterprise systems. The vulnerability thus poses a multifaceted risk affecting confidentiality, integrity, and availability of EV charging ecosystems.
Mitigation Recommendations
1. Implement enhanced validation and anomaly detection mechanisms within the SLAC protocol stack to detect and reject spoofed attenuation measurements.
2. Employ physical security measures at charging stations to restrict unauthorized close-proximity access, such as surveillance cameras and controlled access zones.
3. Network segmentation should be enforced to isolate EV charging infrastructure from critical enterprise networks, limiting lateral movement in case of compromise.
4. Monitor charging session logs for unusual patterns indicative of MitM attacks or communication anomalies.
5. Collaborate with EV charger manufacturers and standards bodies to accelerate development and deployment of patches or protocol updates addressing this vulnerability.
6. Educate operational staff on the risks and signs of wireless proximity attacks to enable timely incident response.
7. Consider deploying electromagnetic shielding or signal hardening techniques at high-risk locations to reduce the feasibility of induction-based attacks.
8. Regularly update firmware and software components of EV chargers as vendors release security updates.
9. Engage in threat intelligence sharing within the EV and critical infrastructure sectors to stay informed about emerging exploitation attempts.
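As an illustration of recommendation 1, the following added example (not code from the advisory, the standard, or any vendor) sketches a plausibility check over the attenuation reports received in one SLAC round before a match is accepted. The record layout, the group count of 58, the sample MAC addresses and every threshold are assumptions made for the example and would need tuning against site measurements.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# All thresholds below are illustrative assumptions, not values from ISO 15118
# or the CVE record; tune them against measurements from your own sites.
EXPECTED_GROUPS = 58       # assumed number of attenuation groups per report
MIN_PLAUSIBLE_DB = 3.0     # a wired link is assumed never to report less
MIN_SPREAD_DB = 0.5        # real channels are assumed to vary across groups
AMBIGUITY_MARGIN_DB = 3.0  # a runner-up this close to the best is ambiguous


@dataclass
class AttenReport:
    responder: str   # MAC address of the station that sent the report
    groups_db: list  # per-group attenuation in dB as carried in the report


def check_report(r):
    """Return the reasons a single attenuation report looks untrustworthy."""
    if len(r.groups_db) != EXPECTED_GROUPS:
        return ["malformed: wrong group count"]
    if any(not 0 <= v <= 255 for v in r.groups_db):
        return ["malformed: value out of range"]
    reasons = []
    if mean(r.groups_db) < MIN_PLAUSIBLE_DB:
        reasons.append("implausibly low attenuation")
    if pstdev(r.groups_db) < MIN_SPREAD_DB:
        reasons.append("flat profile")
    return reasons


def assess_round(reports):
    """Pick a responder to match with, or refuse (None) and say why."""
    findings = {r.responder: check_report(r) for r in reports}
    clean = sorted((r for r in reports if not findings[r.responder]),
                   key=lambda r: mean(r.groups_db))
    if not clean:
        return None, findings
    if len(clean) > 1:
        gap = mean(clean[1].groups_db) - mean(clean[0].groups_db)
        if gap < AMBIGUITY_MARGIN_DB:
            findings["round"] = ["ambiguous: two responders within margin"]
            return None, findings
    return clean[0].responder, findings


# Constructed sample round: one ordinary report and one suspicious report.
SAMPLE = [
    AttenReport("02:00:00:00:00:01", [12 + (i % 7) for i in range(58)]),
    AttenReport("02:00:00:00:00:99", [1] * 58),
]
```

Rejected and ambiguous rounds are worth logging with the responder addresses, since repeated occurrences at one site feed the session-log monitoring in recommendation 4.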
Affected Countries
Germany, France, Netherlands, Norway, Sweden, United Kingdom, Belgium, Denmark
Technical Details
- Data Version: 5.2
- Assigner Short Name: icscert
- Date Reserved: 2025-10-27T16:05:18.413Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6904db52cf9c100c41c3e00e
Added to database: 10/31/2025, 3:52:50 PM
Last enriched: 1/15/2026, 4:45:50 PM
Last updated: 2/7/2026, 9:04:21 AM