CVE-2025-5747 is a high-severity vulnerability affecting the WOLFBOX Level 2 Electric Vehicle (EV) Charger, specifically in versions 3.1.17 (main) and 1.2.6 (MCU). The vulnerability stems from a CWE-115 weakness, which involves the misinterpretation of input during command frame parsing by the charger's microcontroller unit (MCU). The flaw arises because the MCU does not correctly detect the start of a command frame, leading to potential misalignment or misinterpretation of incoming data frames. This parsing error can be exploited by a network-adjacent attacker who has authenticated access to the device. By leveraging this flaw, potentially in combination with other vulnerabilities, an attacker can execute arbitrary code on the device, gaining control over the charger's MCU. The CVSS v3.0 score of 8.0 reflects the high impact on confidentiality, integrity, and availability, with low attack complexity but requiring privileges (authentication) and no user interaction. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk given the critical role of EV chargers in infrastructure and the potential for attackers to disrupt charging services or manipulate device behavior remotely. The vulnerability was assigned by ZDI (ZDI-CAN-26501) and published on June 6, 2025.

For European organizations, this vulnerability could have substantial operational and security impacts. EV chargers are increasingly deployed across Europe as part of the continent's green energy initiatives and transportation infrastructure modernization. Compromise of WOLFBOX Level 2 chargers could lead to unauthorized control over charging operations, potentially causing denial of service to EV users or manipulation of charging parameters that could damage vehicles or the power grid. Confidentiality breaches could expose sensitive operational data or user information. Integrity and availability impacts could disrupt EV charging networks, affecting fleet operators, public charging stations, and private installations. Given the reliance on EV infrastructure for transportation and energy transition goals, exploitation could have cascading effects on mobility and energy management. Additionally, attackers could use compromised chargers as footholds within organizational networks, especially if chargers are connected to corporate or utility networks, increasing the risk of lateral movement and broader cyberattacks.

To mitigate this vulnerability, European organizations using WOLFBOX Level 2 EV Chargers should: 1) Immediately verify the firmware versions of their devices and coordinate with WOLFBOX for patches or firmware updates addressing CVE-2025-5747. 2) Restrict network access to the chargers, ensuring that only trusted and authenticated users can communicate with the devices, ideally isolating chargers on segmented networks with strict access controls. 3) Implement strong authentication mechanisms and monitor authentication logs for suspicious access attempts. 4) Employ network intrusion detection systems (NIDS) to detect anomalous command frames or unusual traffic patterns targeting the chargers. 5) Conduct regular security audits and penetration testing focused on EV charging infrastructure to identify and remediate potential weaknesses. 6) Collaborate with vendors and industry groups to share threat intelligence and best practices for securing EV charging stations. 7) Prepare incident response plans specific to EV infrastructure compromise, including rapid isolation and recovery procedures.