
CVE-2025-5829: CWE-121: Stack-based Buffer Overflow in Autel Autel MaxiCharger AC Wallbox Commercial

Medium
Tags: Vulnerability, CVE-2025-5829, CWE-121
Published: Wed Jun 25 2025 (06/25/2025, 18:01:13 UTC)
Source: CVE Database V5
Vendor/Project: Autel
Product: Autel MaxiCharger AC Wallbox Commercial

Description

Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of JSON messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26330.

AI-Powered Analysis

Last updated: 06/25/2025, 18:43:11 UTC

Technical Analysis

CVE-2025-5829 is a stack-based buffer overflow vulnerability identified in the Autel MaxiCharger AC Wallbox Commercial electric vehicle (EV) charging stations, specifically version 1.36.00. The flaw arises from improper validation of the length of user-supplied JSON messages before copying them into a fixed-length stack buffer. This lack of bounds checking allows a physically present attacker to craft malicious JSON payloads that overflow the stack buffer, leading to arbitrary code execution on the device. Notably, exploitation does not require authentication or user interaction, which increases the risk profile. The vulnerability affects the device’s firmware handling of JSON messages, enabling an attacker to execute code with the privileges of the device’s operating environment. Given the device’s role as an EV charger, successful exploitation could disrupt charging operations, compromise device integrity, or potentially pivot to other networked systems if the charger is connected to enterprise or utility networks. The CVSS v3.0 score is 6.8 (medium severity), reflecting the physical access requirement (AV:P), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). There are currently no known exploits in the wild and no patches publicly available at the time of publication (June 25, 2025). This vulnerability was tracked under ZDI-CAN-26330 and classified as CWE-121 (stack-based buffer overflow).

Potential Impact

For European organizations, the impact of this vulnerability could be significant, especially for entities deploying Autel MaxiCharger AC Wallbox Commercial EV chargers in commercial or public infrastructure settings. Successful exploitation could lead to full compromise of the charging station, allowing attackers to disrupt EV charging services, potentially causing operational downtime and reputational damage. Confidentiality breaches could occur if the device stores or transmits sensitive user or operational data. Integrity of charging operations could be undermined, possibly leading to incorrect billing or unsafe charging conditions. Availability is also at risk, as attackers could render chargers inoperable. Given the physical access requirement, the threat is more relevant to locations with less physical security or public access points. Additionally, compromised chargers connected to enterprise networks could serve as footholds for lateral movement or supply chain attacks. The absence of authentication requirements lowers the barrier for exploitation once physical access is obtained, increasing risk in environments with inadequate physical controls.

Mitigation Recommendations

1. Implement strict physical security controls around EV charging stations to prevent unauthorized physical access, including surveillance, access restrictions, and tamper-evident measures.
2. Monitor charging station network traffic for anomalous JSON messages or unexpected communications that could indicate exploitation attempts.
3. Segregate EV charger network segments from critical enterprise or utility networks using VLANs or firewalls to limit lateral movement if a device is compromised.
4. Engage with Autel for firmware updates or patches addressing this vulnerability; prioritize deployment of updates once available.
5. Conduct regular security audits and penetration testing on EV charging infrastructure to identify and remediate vulnerabilities proactively.
6. Implement endpoint detection and response (EDR) solutions where possible on network segments hosting EV chargers to detect suspicious activity.
7. Educate on-site personnel about the risks of unauthorized physical access and encourage reporting of suspicious behavior around charging stations.
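The bug class described above (an unchecked field length copied into a fixed-length stack buffer) and the monitoring recommendation in item 2 are illustrated by the following added C example. It is not Autel firmware or code from the advisory; the field name `vehicleId`, the buffer size `FIELD_MAX`, the flat-JSON parser and the sample messages are all constructed assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32  /* hypothetical size of the fixed-length stack buffer */

/* Hypothetical helper: copy the string value of "key" from a compact JSON
 * object (no whitespace, no escaped quotes) into out. Returns false when the
 * key is missing, the string is unterminated, or the value would not fit. */
static bool json_get_string(const char *json, const char *key,
                            char *out, size_t out_cap) {
    char pattern[64];
    int n = snprintf(pattern, sizeof pattern, "\"%s\":\"", key);
    if (n < 0 || (size_t)n >= sizeof pattern) return false;
    const char *start = strstr(json, pattern);
    if (!start) return false;
    start += n;
    const char *end = strchr(start, '"');
    if (!end) return false;
    size_t len = (size_t)(end - start);
    /* This is the bounds check the advisory says the vulnerable handler
     * lacks: an over-long value is rejected instead of overrunning out[]. */
    if (len >= out_cap) return false;
    memcpy(out, start, len);
    out[len] = '\0';
    return true;
}

/* Hardened handler: the destination is still a fixed-length stack buffer,
 * but every copy into it is length-validated. Returns the accepted field
 * length, or -1 when the message is rejected. */
int handle_autocharge_message(const char *json) {
    char vehicle_id[FIELD_MAX];
    if (!json_get_string(json, "vehicleId", vehicle_id, sizeof vehicle_id))
        return -1;
    return (int)strlen(vehicle_id);
}

/* Monitoring aid for recommendation 2: length of the longest quoted string in
 * a message, so unusually long fields can be flagged on the network segment
 * before they reach a charger. Escaped quotes are not handled. */
size_t json_longest_string(const char *json) {
    size_t longest = 0, cur = 0;
    bool in_str = false;
    for (const char *p = json; *p; p++) {
        if (*p == '"') {
            if (in_str && cur > longest) longest = cur;
            in_str = !in_str;
            cur = 0;
        } else if (in_str) {
            cur++;
        }
    }
    return longest;
}
```

A monitoring rule built on `json_longest_string` would alert when the returned length exceeds the largest field a legitimate charger message is expected to carry.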


Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2025-06-06T19:17:08.033Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 685c3f5ae230f5b234855981

Added to database: 6/25/2025, 6:26:34 PM

Last enriched: 6/25/2025, 6:43:11 PM

Last updated: 8/12/2025, 9:05:31 PM
