CVE-2025-5825 is a high-severity vulnerability affecting the Autel MaxiCharger AC Wallbox Commercial electric vehicle charging stations, specifically firmware version 1.36.00. The vulnerability stems from improper validation of firmware images during the update process, allowing an attacker to downgrade the firmware to an older, potentially vulnerable version. This firmware downgrade can be exploited to execute arbitrary code remotely on the device. The attack vector requires the attacker to be network-adjacent and to first pair a malicious Bluetooth device with the target charging station. Once paired, the attacker can leverage the mutable security version number flaw (CWE-1328) to bypass firmware integrity checks and deploy malicious firmware. This flaw compromises the confidentiality, integrity, and availability of the charging station, as arbitrary code execution could lead to unauthorized control, data leakage, or denial of service. The CVSS v3.0 score of 7.5 reflects a high severity, with attack vector classified as adjacent network, high attack complexity, no privileges required, and no user interaction needed. Although no known exploits are currently in the wild, the vulnerability presents a significant risk due to the critical role of EV charging infrastructure and the potential for cascading impacts on connected systems and users relying on these stations.

For European organizations, the impact of this vulnerability is multifaceted. Autel MaxiCharger AC Wallbox Commercial units are deployed in commercial EV charging infrastructure, which is increasingly critical as Europe accelerates its transition to electric mobility. Exploitation could lead to unauthorized remote control of charging stations, potentially disrupting EV charging availability, causing financial losses, and damaging organizational reputation. Furthermore, compromised charging stations could serve as pivot points for lateral movement into corporate or utility networks, threatening broader operational technology (OT) and IT environments. The integrity of firmware updates is crucial for maintaining device security; thus, this vulnerability undermines trust in the supply chain and device lifecycle management. Given the increasing reliance on EV infrastructure in Europe, disruption or manipulation could also have regulatory and compliance implications, especially under frameworks like NIS2 Directive and GDPR if personal or operational data is affected.

To mitigate this vulnerability, European organizations should implement the following specific measures: 1) Immediately verify the firmware version of all deployed Autel MaxiCharger AC Wallbox Commercial units and restrict network access to these devices, especially Bluetooth pairing capabilities, to trusted personnel and devices only. 2) Employ network segmentation to isolate EV charging infrastructure from critical enterprise and OT networks, minimizing the risk of lateral movement. 3) Monitor Bluetooth pairing logs and network traffic for anomalous pairing attempts or firmware update activities indicative of exploitation attempts. 4) Engage with Autel for firmware updates or patches addressing this vulnerability; if none are currently available, request timelines and interim mitigation guidance. 5) Implement strict physical security controls around charging stations to prevent unauthorized physical access that could facilitate Bluetooth pairing. 6) Incorporate firmware integrity verification mechanisms, such as cryptographic signature validation, into update processes where possible, potentially via third-party security solutions or custom controls. 7) Develop incident response plans specific to EV charging infrastructure compromise scenarios to enable rapid containment and remediation.