CVE-2025-5822 is a high-severity vulnerability affecting the Autel MaxiCharger AC Wallbox Commercial electric vehicle charging stations, specifically version 1.36.00. The vulnerability arises from an incorrect authorization implementation in the Autel Technician API, which is designed to provide maintenance and configuration capabilities to authorized technicians. The flaw allows an attacker who has already obtained a low-privileged authorization token to escalate their privileges and gain access to resources and functions that should be restricted. This privilege escalation occurs due to improper validation of authorization levels within the API, classified under CWE-863 (Incorrect Authorization). The vulnerability does not require user interaction and can be exploited remotely over the network (CVSS vector AV:N/AC:L/PR:L/UI:N). While the attacker must first acquire a low-privileged token, the low attack complexity and lack of user interaction make exploitation feasible once initial access is obtained. The impact primarily affects confidentiality, allowing unauthorized access to sensitive data or control functions, with limited impact on integrity and no direct availability impact. No known exploits are currently reported in the wild, and no patches have been published at the time of disclosure. The vulnerability was publicly disclosed on June 25, 2025, and was assigned CVSS 3.0 base score 7.1, indicating a high severity level. The affected product is a commercial EV charging station, which is critical infrastructure in the growing electric vehicle ecosystem.

For European organizations, this vulnerability poses significant risks, especially for entities operating or managing EV charging infrastructure such as utility companies, commercial parking operators, and municipalities investing in green transportation. Unauthorized privilege escalation could allow attackers to access sensitive operational data, manipulate charging sessions, or disrupt billing and user authentication processes. This could lead to financial losses, reputational damage, and potential regulatory penalties under GDPR if personal data is exposed. Additionally, compromised charging stations could be leveraged as entry points into broader industrial or enterprise networks, increasing the risk of lateral movement and further compromise. The impact is heightened in Europe due to the continent's aggressive push towards electric mobility and the widespread deployment of EV charging infrastructure. Disruption or manipulation of these systems could undermine trust in EV services and slow adoption rates. Furthermore, attackers could exploit this vulnerability to interfere with energy management systems, potentially affecting grid stability if large numbers of chargers are compromised.

1. Immediate implementation of network segmentation to isolate EV charging infrastructure from critical enterprise and operational technology networks, limiting attacker lateral movement. 2. Enforce strict access controls and multi-factor authentication (MFA) for all technician and administrative interfaces to reduce the risk of low-privileged token compromise. 3. Monitor API access logs for anomalous behavior indicative of privilege escalation attempts, such as unusual API calls or access patterns inconsistent with technician roles. 4. Deploy intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics tailored to detect exploitation attempts targeting the Autel Technician API. 5. Coordinate with Autel for timely patching once updates become available; in the interim, consider disabling or restricting remote access to the Technician API where feasible. 6. Conduct regular security audits and penetration testing focused on EV charging infrastructure to identify and remediate similar authorization weaknesses. 7. Implement strict credential management policies, including regular rotation and revocation of technician tokens, to minimize the window of opportunity for attackers. 8. Engage in threat intelligence sharing with industry groups and national cybersecurity centers to stay informed about emerging exploits and mitigation strategies specific to EV infrastructure.