CVE-2025-5826 is a vulnerability identified in the Autel MaxiCharger AC Wallbox Commercial electric vehicle charging stations, specifically affecting version 1.36.00. The flaw resides in the ble_process_esp32_msg function, which is responsible for processing Bluetooth Low Energy (BLE) messages on the device. Due to improper handling and misinterpretation of input data (classified under CWE-115: Misinterpretation of Input), an attacker who is network-adjacent can inject arbitrary AT commands into the device without requiring any authentication or user interaction. This means that an attacker within wireless range of the charging station can send crafted BLE messages that the device incorrectly parses, allowing the attacker to execute commands at the device level. The impact of executing arbitrary AT commands includes potential manipulation of device behavior, disruption of charging operations, or possibly leveraging the device as a foothold for further network intrusion. The vulnerability has a CVSS 3.0 base score of 6.3, indicating a medium severity level, with attack vector classified as adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The confidentiality, integrity, and availability impacts are all rated low to medium, reflecting the potential for limited data exposure, modification, or service disruption. No known exploits are currently reported in the wild, and no patches have been published at the time of this analysis. The vulnerability was reserved and published in June 2025 by the Zero Day Initiative (ZDI) under the identifier ZDI-CAN-26368.

For European organizations, the impact of this vulnerability can be significant, especially for entities operating fleets of electric vehicles or managing public and commercial EV charging infrastructure. Exploitation could allow attackers to disrupt charging services, potentially causing operational downtime and impacting business continuity. In critical infrastructure contexts, such as municipal or corporate EV charging stations, this could lead to reputational damage and customer dissatisfaction. Additionally, the ability to inject arbitrary AT commands may allow attackers to alter device configurations or firmware behavior, which could be leveraged for persistent access or lateral movement within an organization's network if the charging stations are connected to internal systems. Given the increasing adoption of EV infrastructure in Europe as part of green energy initiatives, this vulnerability poses a risk to the integrity and availability of charging services, which are becoming essential for transportation and logistics sectors. The lack of authentication and user interaction requirements lowers the barrier for exploitation, increasing the threat level for organizations with exposed or poorly segmented charging station networks.

1. Network Segmentation: Isolate EV charging stations on a dedicated network segment with strict access controls to limit exposure to network-adjacent attackers. 2. Disable or Restrict BLE Interfaces: If BLE functionality is not required for operational purposes, disable it entirely. If BLE is necessary, implement filtering or whitelisting to restrict which devices can communicate with the charging station. 3. Monitor BLE Traffic: Deploy BLE traffic monitoring tools to detect anomalous or unauthorized command injections targeting charging stations. 4. Firmware Updates: Engage with Autel to obtain patches or firmware updates addressing this vulnerability as soon as they become available. 5. Physical Security: Ensure charging stations are physically secured to prevent attackers from gaining close proximity required for BLE exploitation. 6. Incident Response Planning: Prepare response procedures for potential charging station compromise, including rapid isolation and forensic analysis. 7. Vendor Communication: Maintain active communication with Autel and industry groups to stay informed about vulnerability disclosures and mitigation strategies. 8. Access Control Policies: Implement strict access control policies for management interfaces of charging stations to prevent unauthorized configuration changes even if AT commands are injected.