CVE-2025-12357: CWE-923 in ISO 15118-2 Network and Application Protocol Requirements EV Car Chargers
By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable wirelessly, within close proximity, via electromagnetic induction.
AI Analysis
Technical Summary
CVE-2025-12357 identifies a vulnerability in the ISO 15118-2 standard, which governs network and application protocol requirements for electric vehicle (EV) chargers. The weakness lies in the Signal Level Attenuation Characterization (SLAC) protocol, which is used to establish secure communication channels between EVs and chargers over power line communication. An attacker can manipulate SLAC by injecting spoofed attenuation measurements, enabling a man-in-the-middle (MitM) attack in which communication between the EV and charger can be intercepted, modified, or disrupted. Notably, the attack can be conducted wirelessly via electromagnetic induction within close physical proximity, without prior authentication or user interaction, which makes it particularly insidious. The vulnerability is classified under CWE-923 (Improper Restriction of Communication Channel to Intended Endpoints): the communication channel is not properly bound to the intended peers. The CVSS 3.1 score of 8.3 (AV:A/CL/PR:N/UI:N/S:U/C:H/I:L/A:H) indicates that the attack requires adjacent access (physical proximity), has low complexity, needs no privileges or user interaction, and results in high confidentiality and availability impacts with low integrity impact. Although no exploits are currently known in the wild, the potential for disruption of EV charging sessions and data interception is significant, especially as EV adoption grows. The lack of available patches suggests that manufacturers and standards bodies need to address this protocol-level flaw urgently.
Potential Impact
For European organizations, this vulnerability poses a critical risk to the rapidly expanding EV charging infrastructure, which is integral to national sustainability and transportation strategies. Confidentiality impacts include potential interception of sensitive data exchanged during charging sessions, such as user credentials or billing information. Availability impacts are severe, as attackers could disrupt or deny charging services, affecting both private and public EV users. This could undermine trust in EV infrastructure and slow adoption rates. Integrity impact is lower but still present, as attackers might alter communication parameters, potentially causing charging malfunctions or safety issues. The wireless, proximity-based nature of the attack means that attackers could operate in public charging locations, increasing the risk to commercial charging networks and fleet operators. European energy providers, municipalities, and EV infrastructure operators must consider the operational and reputational risks. The vulnerability also raises concerns about the security of future smart grid integrations and vehicle-to-grid communications, which rely on secure EV charger protocols.
Mitigation Recommendations
Mitigation should focus on multiple layers:
- EV charger manufacturers must update firmware to implement robust validation and authentication mechanisms for SLAC protocol measurements, preventing spoofing attempts. This may involve cryptographic verification of attenuation data or enhanced anomaly detection algorithms.
- Operators should enforce physical security measures at charging stations to restrict unauthorized close-proximity access, such as surveillance cameras, access controls, or shielding to reduce the feasibility of electromagnetic induction attacks.
- Network segmentation and monitoring should be applied to isolate EV charging networks from critical IT infrastructure and to detect unusual SLAC or communication patterns indicative of MitM attempts.
- Collaboration with standards bodies to revise ISO 15118-2 to address this protocol weakness is essential for long-term security.
- Raising awareness among EV infrastructure stakeholders about this threat will help prioritize timely patch deployment and incident response planning.
Organizations should also consider deploying intrusion detection systems tailored to power line communication anomalies and conduct regular security assessments of EV charging points.
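As an added illustration of the anomaly-detection layer recommended above (example code written for this page, not from the advisory, the standard, or any charger implementation), the Python below applies plausibility checks to SLAC attenuation profiles before the usual lowest-attenuation EVSE selection is made. The group count, the dB thresholds, and the simplified profile layout are assumptions chosen for illustration, not values from ISO 15118.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Assumed, illustrative constants (not taken from ISO 15118 or the advisory).
EXPECTED_GROUPS = 58     # number of OFDM carrier groups in a SLAC attenuation profile
MIN_PLAUSIBLE_DB = 5.0   # a live PLC link never measures this little attenuation
MAX_PLAUSIBLE_DB = 60.0  # above this the EVSE is too far away to be the plugged-in one
MIN_SPREAD_DB = 0.5      # real measurements vary across groups; a flat profile is suspect


@dataclass
class AttenProfile:
    """Attenuation profile one EVSE reports back to the EV during SLAC (simplified)."""
    evse_id: str
    groups_db: list  # per-carrier-group attenuation in dB


def profile_anomalies(profile):
    """Return the reasons a profile should not be trusted; an empty list means it passed."""
    reasons = []
    if len(profile.groups_db) != EXPECTED_GROUPS:
        reasons.append("group count mismatch")
        return reasons
    avg = mean(profile.groups_db)
    if avg < MIN_PLAUSIBLE_DB:
        reasons.append("implausibly low attenuation")
    if avg > MAX_PLAUSIBLE_DB:
        reasons.append("attenuation too high for a local link")
    if pstdev(profile.groups_db) < MIN_SPREAD_DB:
        reasons.append("profile is unnaturally flat")
    return reasons


def naive_select(profiles):
    """Unhardened SLAC-style choice: the EVSE with the lowest average attenuation wins."""
    return min(profiles, key=lambda p: mean(p.groups_db)).evse_id


def select_evse(profiles):
    """Hardened choice: same rule, but only profiles that pass the plausibility checks compete."""
    candidates = [p for p in profiles if not profile_anomalies(p)]
    return naive_select(candidates) if candidates else None


# Constructed sample input: a genuine EVSE with a noisy ~23 dB profile and a
# spoofed profile claiming zero attenuation on every carrier group.
GENUINE = AttenProfile("EVSE-A", [22.0 + (i % 5) * 0.7 for i in range(EXPECTED_GROUPS)])
SPOOFED = AttenProfile("EVSE-X", [0.0] * EXPECTED_GROUPS)
```

A plausibility filter only raises the bar, since a spoofer must then produce realistic-looking profiles; it does not replace the cryptographic verification of measurements that the first recommendation calls for.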
Affected Countries
Germany, Netherlands, Norway, France, United Kingdom
Technical Details
- Data Version: 5.2
- Assigner Short Name: icscert
- Date Reserved: 2025-10-27T16:05:18.413Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6904db52cf9c100c41c3e00e
Added to database: 10/31/2025, 3:52:50 PM
Last enriched: 11/8/2025, 2:26:19 AM
Last updated: 12/15/2025, 3:15:59 PM