CVE-2025-5828: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Autel MaxiCharger AC Wallbox Commercial
Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of USB frame packets. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26328.
AI Analysis
Technical Summary
CVE-2025-5828 is a buffer overflow vulnerability classified under CWE-120 that affects Autel MaxiCharger AC Wallbox Commercial electric vehicle (EV) chargers, specifically firmware version 1.36.00. The flaw arises from improper validation of the length of user-supplied data within USB frame packets before it is copied into a fixed-length buffer. The "wLength" in the advisory title is the standard name of the 16-bit length field in a USB control-transfer SETUP packet, the field a device reads to learn how many bytes the data stage carries; the advisory describes that host-supplied length being used as the copy size without being compared against the destination buffer. This classic buffer overflow allows an attacker with physical access to the device's USB interface to execute arbitrary code on the charger without any authentication or user interaction. Despite the "Remote Code Execution" wording of the advisory title, the attack vector is physical, not network-based. The vulnerability is rooted in the firmware's handling of USB communication, where the lack of bounds checking on input data leads to memory corruption. Exploiting it lets an attacker run code with the privileges of the device, potentially compromising the charger's operational integrity and enabling further attacks on connected infrastructure. No public exploits have been observed in the wild. The vulnerability has been assigned a CVSS 3.0 base score of 6.8, a medium rating: the attack vector is physical (AV:P), meaning the attacker must be on site to connect to the USB interface, but no privileges or user interaction are required and the impact on confidentiality, integrity, and availability is high, since arbitrary code execution could lead to data leakage, device manipulation, or denial of service. The flaw was reported through the Zero Day Initiative (ZDI) under identifier ZDI-CAN-26328 and was published on June 25, 2025. No patches or mitigations had been officially released at the time of this analysis.
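The pattern the advisory describes, as an added illustration that is not the Autel firmware and not code from the advisory: a hypothetical endpoint-0 handler copies the DATA stage of a USB control transfer into a fixed 64-byte staging buffer using the SETUP packet's wLength as the byte count, beside a hardened handler that validates the request first. The RAM layout (staging buffer, then a 2-byte length, then a 4-byte completion-callback address), the vendor request number, the handler address 0x08001000 and the attacker transfer are all constructed assumptions for the demo; RAM is modelled as one byte array so the overflowing write stays within defined C while keeping the adjacency that makes an overflow useful to an attacker.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* USB control-transfer SETUP packet: 8 bytes on the wire, little-endian
 * fields (USB 2.0 spec, section 9.3). wLength announces how many bytes the
 * DATA stage carries. Every field is chosen by whoever is on the other end
 * of the cable. */
typedef struct {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;
} usb_setup_t;

static usb_setup_t parse_setup(const uint8_t raw[8])
{
    usb_setup_t s;
    s.bmRequestType = raw[0];
    s.bRequest      = raw[1];
    s.wValue  = (uint16_t)(raw[2] | (raw[3] << 8));
    s.wIndex  = (uint16_t)(raw[4] | (raw[5] << 8));
    s.wLength = (uint16_t)(raw[6] | (raw[7] << 8));
    return s;
}

/* Hypothetical RAM layout (an assumption for this demo, not the Autel
 * firmware): a 64-byte endpoint-0 staging buffer, then a 2-byte length,
 * then a 4-byte completion-callback address the USB stack later jumps to. */
enum { STAGE_OFF = 0, STAGE_SIZE = 64, STAGE_LEN_OFF = 64, HOOK_OFF = 66, RAM_SIZE = 128 };
typedef struct { uint8_t ram[RAM_SIZE]; } device_t;
typedef enum { USB_ACK = 0, USB_STALL = 1 } usb_status_t;

static void dev_init(device_t *d, uint32_t hook)
{
    memset(d->ram, 0, RAM_SIZE);
    for (int i = 0; i < 4; i++)                       /* store callback address little-endian */
        d->ram[HOOK_OFF + i] = (uint8_t)(hook >> (8 * i));
}

uint32_t dev_hook(const device_t *d)                   /* read the callback address back */
{
    uint32_t v = 0;
    for (int i = 3; i >= 0; i--)
        v = (v << 8) | d->ram[HOOK_OFF + i];
    return v;
}

static void set_stage_len(device_t *d, uint16_t n)
{
    d->ram[STAGE_LEN_OFF]     = (uint8_t)(n & 0xff);
    d->ram[STAGE_LEN_OFF + 1] = (uint8_t)(n >> 8);
}

/* Vulnerable pattern (CWE-120): the DATA stage is copied into the fixed
 * staging buffer with the host-supplied wLength as the byte count. */
usb_status_t ep0_out_vulnerable(device_t *d, const uint8_t setup[8], const uint8_t *data)
{
    usb_setup_t s = parse_setup(setup);
    memcpy(&d->ram[STAGE_OFF], data, s.wLength);       /* wLength never compared to STAGE_SIZE */
    set_stage_len(d, s.wLength);
    return USB_ACK;
}

/* Hardened form: reject the request before a single byte is copied. */
usb_status_t ep0_out_hardened(device_t *d, const uint8_t setup[8],
                              const uint8_t *data, size_t data_len)
{
    usb_setup_t s = parse_setup(setup);
    if (s.bmRequestType & 0x80) return USB_STALL;      /* bit 7 set = device-to-host, no OUT data */
    if (s.wLength > STAGE_SIZE) return USB_STALL;      /* must fit the fixed buffer */
    if (s.wLength > data_len)   return USB_STALL;      /* DATA stage must really carry wLength bytes */
    memcpy(&d->ram[STAGE_OFF], data, s.wLength);
    set_stage_len(d, s.wLength);
    return USB_ACK;
}

/* Constructed attacker transfer: vendor OUT request (bmRequestType 0x40)
 * with wLength = 72; its DATA stage fills the 64-byte buffer and overwrites
 * the callback address at HOOK_OFF with 0xDEADBEEF. Returns the hook afterwards. */
static uint32_t run_attack(int hardened, usb_status_t *status)
{
    device_t d;
    dev_init(&d, 0x08001000u);                         /* hypothetical legitimate handler address */
    uint8_t setup[8] = { 0x40, 0x01, 0x00, 0x00, 0x00, 0x00, 72, 0x00 };
    uint8_t data[72];
    memset(data, 'A', sizeof data);
    data[66] = 0xEF; data[67] = 0xBE; data[68] = 0xAD; data[69] = 0xDE;
    *status = hardened ? ep0_out_hardened(&d, setup, data, sizeof data)
                       : ep0_out_vulnerable(&d, setup, data);
    return dev_hook(&d);
}

uint32_t hook_after_attack(int hardened)   { usb_status_t st; return run_attack(hardened, &st); }
int      status_after_attack(int hardened) { usb_status_t st; run_attack(hardened, &st); return (int)st; }

/* The hardened handler must still serve a well-formed 16-byte vendor OUT
 * request, and must refuse the same request flagged as device-to-host. */
int hardened_accepts_legit_request(void)
{
    device_t d;
    dev_init(&d, 0x08001000u);
    uint8_t setup_out[8] = { 0x40, 0x01, 0, 0, 0, 0, 16, 0 };
    uint8_t setup_in[8]  = { 0xC0, 0x01, 0, 0, 0, 0, 16, 0 };
    uint8_t data[16];
    memset(data, 0x5A, sizeof data);
    if (ep0_out_hardened(&d, setup_out, data, sizeof data) != USB_ACK) return 0;
    if (d.ram[15] != 0x5A || d.ram[16] != 0 || d.ram[STAGE_LEN_OFF] != 16) return 0;
    if (ep0_out_hardened(&d, setup_in, data, sizeof data) != USB_STALL) return 0;
    return dev_hook(&d) == 0x08001000u;
}

int main(void)
{
    printf("vulnerable: hook=0x%08x status=%d\n", hook_after_attack(0), status_after_attack(0));
    printf("hardened:   hook=0x%08x status=%d\n", hook_after_attack(1), status_after_attack(1));
    printf("legit request served: %d\n", hardened_accepts_legit_request());
    return 0;
}
```

Two of the three checks in the hardened handler matter here: wLength can be anything up to 65535, so it is bounded against the buffer, and a short DATA stage must not be padded from whatever follows the received bytes in memory, so the copy count is also bounded by the bytes actually received. The demo keeps the attacker's wLength at 72 so the overflowing write stays inside the modelled RAM; on a real device the same request with a larger wLength runs over whatever the firmware placed after the buffer.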
Potential Impact
For European organizations, the impact of this vulnerability can be significant, particularly for entities operating EV charging infrastructure using the affected Autel MaxiCharger AC Wallbox Commercial units. Successful exploitation could allow attackers to disrupt charging services, manipulate billing data, or use compromised chargers as pivot points to infiltrate broader operational technology (OT) or IT networks. This could affect utilities, commercial parking operators, and public charging networks, potentially causing service outages and financial losses. Additionally, compromised chargers could undermine trust in EV infrastructure security, slowing EV adoption. Given the physical access requirement, the threat is more pronounced in publicly accessible or poorly secured charging stations. The vulnerability also raises safety concerns, as malicious code execution could interfere with the device’s power delivery mechanisms. The medium CVSS score reflects the balance between the high impact of exploitation and the limited attack vector. However, the absence of authentication and user interaction requirements increases risk in environments where physical security is lax.
Mitigation Recommendations
1. Implement strict physical security controls around EV charging stations to prevent unauthorized physical access: surveillance, access restrictions, and tamper-evident seals over service panels and ports.
2. Block or lock unused USB ports on chargers with physical port locks and, where the charger platform supports it, log and alert on USB device connections.
3. Segment the network so that EV chargers are isolated from critical IT and OT systems, limiting lateral movement if a charger is compromised.
4. Deploy anomaly detection to flag unusual charger behaviour, such as unexpected reboots, changed firmware versions or unexpected outbound connections, that could indicate exploitation.
5. Coordinate with Autel for timely firmware updates; until a fix is available, consider temporary operational measures such as disabling USB interfaces where feasible.
6. Conduct regular security audits and penetration tests that cover physical attack vectors and device firmware vulnerabilities.
7. Train personnel responsible for charger maintenance to recognize signs of tampering and to report suspicious activity promptly.
8. Evaluate endpoint protection solutions tailored for embedded devices where the charger platform supports them.
Affected Countries
Germany, France, Netherlands, Norway, United Kingdom, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2025-06-06T19:17:04.853Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 685c3f5ae230f5b23485597e
Added to database: 6/25/2025, 6:26:34 PM
Last enriched: 6/25/2025, 6:43:24 PM
Last updated: 8/18/2025, 11:30:28 PM
Related Threats
CVE-2025-8618: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpclever WPC Smart Quick View for WooCommerce (Medium)
CVE-2025-55706: URL redirection to untrusted site ('Open Redirect') in Six Apart Ltd. Movable Type (Software Edition) (Medium)
CVE-2025-53522: Use of less trusted source in Six Apart Ltd. Movable Type (Software Edition) (Medium)
CVE-2025-57788: CWE-259: Use of Hard-coded Password in Commvault CommCell (Medium)
CVE-2025-57791: CWE-88: Improper Neutralization of Argument Delimiters in a Command in Commvault CommCell (Medium)