
CVE-2025-5748: CWE-749: Exposed Dangerous Method or Function in WOLFBOX Level 2 EV Charger

Severity: High
Type: Vulnerability (CVE-2025-5748)
Tags: cve, cve-2025-5748, cwe-749
Published: Fri Jun 06 2025 (06/06/2025, 15:30:05 UTC)
Source: CVE Database V5
Vendor/Project: WOLFBOX
Product: Level 2 EV Charger

Description

WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tuya communications module software. The issue results from the exposure of a method allowing the upload of crafted software images to the module. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26349.

AI-Powered Analysis

Last updated: 07/08/2025, 03:57:35 UTC

Technical Analysis

CVE-2025-5748 is a high-severity remote code execution (RCE) vulnerability affecting the WOLFBOX Level 2 Electric Vehicle (EV) Charger, specifically in versions 3.1.17 (main) and 1.2.6 (MCU). The vulnerability stems from an exposed dangerous method within the Tuya communications module software embedded in the charger. This method allows an attacker to upload crafted software images to the device over the local area network (LAN). Although the vulnerability nominally requires authentication, the existing authentication mechanism can be bypassed, effectively allowing network-adjacent attackers to execute arbitrary code on the device without proper authorization. The flaw is categorized under CWE-749, which refers to exposed dangerous methods or functions that can be exploited to compromise system security. Exploitation of this vulnerability enables attackers to run code in the context of the device, potentially leading to full device compromise. The CVSS v3.0 base score is 8.0 (high severity) with the vector AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: the attack requires network adjacency, has low attack complexity, requires low privileges and no user interaction, and has a high impact on confidentiality, integrity, and availability. No known public exploits have been reported yet, and no patches are currently linked, so affected organizations should prioritize mitigation and monitoring. This vulnerability was identified and assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-26349.

Potential Impact

For European organizations, the impact of this vulnerability is significant, especially for entities deploying WOLFBOX Level 2 EV Chargers in commercial, residential, or public charging infrastructure. Successful exploitation could allow attackers to gain control over the charging stations, potentially disrupting EV charging services, causing denial of service, or using compromised chargers as pivot points for lateral movement within internal networks. This could affect critical infrastructure sectors including transportation, energy, and smart city deployments. Confidentiality breaches could expose sensitive operational data or user information. Integrity violations could lead to manipulation of charging parameters or firmware, potentially damaging connected vehicles or infrastructure. Availability impacts could disrupt EV charging availability, undermining user trust and operational continuity. Given the increasing adoption of EV infrastructure in Europe and the strategic importance of sustainable transportation, this vulnerability poses a tangible risk to both private enterprises and public sector organizations.

Mitigation Recommendations

1. Immediate network segmentation: Isolate EV chargers from critical internal networks to limit attacker movement in case of compromise.
2. Restrict LAN access: Implement strict access controls and firewall rules to limit which devices can communicate with the chargers over the LAN.
3. Monitor network traffic: Deploy anomaly detection systems to identify unusual upload attempts or unauthorized communications targeting the Tuya module.
4. Authentication hardening: Even though the existing authentication can be bypassed, review and strengthen authentication mechanisms where possible, including multi-factor authentication or device-level certificates.
5. Firmware integrity verification: Implement out-of-band firmware validation mechanisms to detect unauthorized or malicious firmware images before installation.
6. Vendor engagement: Engage with WOLFBOX and Tuya to obtain patches or firmware updates as soon as they become available and apply them promptly.
7. Incident response readiness: Prepare for potential exploitation by establishing monitoring, logging, and rapid response procedures specific to EV charger infrastructure.
8. Physical security: Ensure physical access to chargers is controlled to prevent local exploitation or tampering.
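
Recommendations 2 and 3 can be checked against flow logs. The following is an added example, not part of the advisory or of any WOLFBOX or Tuya tooling: it flags LAN hosts outside a management allowlist that reach a charger, and image-sized uploads to a charger from any host. The charger subnet, management host, byte threshold and flow-log columns are assumptions, and the sample records are constructed.

```python
import csv
import io
import ipaddress

# Assumptions (not from the advisory): the charger subnet, management hosts,
# byte threshold and flow-log column layout below are all hypothetical.
CHARGER_NET = ipaddress.ip_network("10.20.30.0/24")
MGMT_HOSTS = {ipaddress.ip_address("10.20.0.5")}
UPLOAD_BYTES = 256 * 1024  # inbound volume large enough to be a software image

# Constructed sample flow records (src, dst, dst_port, bytes sent to dst).
SAMPLE_FLOWS = """\
src,dst,dst_port,bytes_to_dst
10.20.0.5,10.20.30.11,443,1200
10.20.40.77,10.20.30.11,8080,912384
10.20.40.77,10.20.30.12,8080,310
10.20.0.5,10.20.30.12,8080,1048576
192.168.1.9,10.20.99.1,22,5000000
"""

def triage(flow_csv):
    """Return (severity, src, dst, reason) for flows that reach a charger."""
    alerts = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            sent = int(row["bytes_to_dst"])
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed records instead of aborting the run
        if dst not in CHARGER_NET:
            continue  # only traffic towards chargers is in scope
        allowed = src in MGMT_HOSTS
        large = sent >= UPLOAD_BYTES
        if not allowed and large:
            alerts.append(("high", str(src), str(dst),
                           "image-sized upload from unapproved host"))
        elif not allowed:
            alerts.append(("medium", str(src), str(dst),
                           "unapproved host reached charger"))
        elif large:
            alerts.append(("review", str(src), str(dst),
                           "image-sized upload; confirm a planned update"))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_FLOWS):
        print(*alert, sep=" | ")
```

A "medium" alert also means the firewall rules from recommendation 2 are not being enforced, since an unapproved host should not reach the charger at all.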


Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2025-06-05T20:45:25.492Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 68430d3871f4d251b5cfea7e

Added to database: 6/6/2025, 3:46:00 PM

Last enriched: 7/8/2025, 3:57:35 AM

Last updated: 8/14/2025, 11:53:14 PM
