
CVE-2025-5830: CWE-122: Heap-based Buffer Overflow in Autel MaxiCharger AC Wallbox Commercial

Severity: High
Published: Wed Jun 25 2025 (06/25/2025, 18:01:20 UTC)
Source: CVE Database V5
Vendor/Project: Autel
Product: Autel MaxiCharger AC Wallbox Commercial

Description

Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DLB_SlaveRegister messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26327.

AI-Powered Analysis

Last updated: 06/25/2025, 18:41:49 UTC

Technical Analysis

CVE-2025-5830 is a high-severity heap-based buffer overflow in the Autel MaxiCharger AC Wallbox Commercial electric vehicle (EV) charging station, affecting version 1.36.00 of the product. The flaw lies in the handling of DLB_SlaveRegister messages: the length of user-supplied data is not validated before the data is copied into a fixed-length heap buffer. A network-adjacent attacker (one on the same network segment, or otherwise able to deliver packets to the device) can send crafted messages that overflow that buffer and achieve arbitrary code execution in the context of the device. Exploitation requires neither authentication nor user interaction, which substantially lowers the bar for attackers. The weakness is classified as CWE-122 (Heap-based Buffer Overflow); heap corruption of this kind can allow attackers to execute payloads, disrupt device functionality, or gain persistent control over the device. The CVSS v3.0 base score of 8.8 reflects high impact on confidentiality, integrity and availability combined with low attack complexity. No exploitation in the wild has been reported so far, but the presence of this flaw in commercial EV charging infrastructure is significant given how widely such devices are being deployed in public and private charging networks. The affected product is used in commercial settings such as public charging stations, fleet charging depots and corporate facilities, so the potential attack surface is broad.

Potential Impact

For European organizations, the impact of this vulnerability is multifaceted. EV charging infrastructure is central to the continent's green energy and transportation initiatives, and its disruption or compromise could have cascading effects. Successful exploitation could allow attackers to execute arbitrary code on charging stations, leading to denial of service (charging disruption), unauthorized access to network segments, or pivot points for further attacks within corporate or public networks. This could undermine operational continuity, damage brand reputation, and expose organizations to regulatory penalties under GDPR if personal or operational data is compromised. Compromised chargers could also be manipulated to cause physical damage or safety hazards, raising public-safety and liability concerns. Because the exploit vector is network-adjacent, attackers could operate from nearby locations or from compromised devices on the same network, which increases the risk in shared or public environments. Given the strategic importance of EV infrastructure in Europe's energy transition, this vulnerability could also attract interest from state-sponsored actors aiming to disrupt critical infrastructure.

Mitigation Recommendations

1. Deploy vendor patches or firmware updates as soon as they are available; organizations should maintain close communication with Autel for updates.
2. Enforce network segmentation to isolate EV charging stations from broader corporate or public networks, limiting attacker access to the vulnerable devices.
3. Implement strict network access controls and monitor for anomalous DLB_SlaveRegister message traffic to detect and block exploitation attempts.
4. Use network intrusion detection/prevention systems (IDS/IPS) with custom signatures tailored to detect malformed or oversized DLB_SlaveRegister packets.
5. Restrict physical and logical access to charging stations, especially in public or semi-public environments, to reduce the risk from network-adjacent attackers.
6. Conduct regular security assessments and penetration testing focused on EV charging infrastructure to identify and remediate vulnerabilities proactively.
7. Maintain comprehensive logging and incident response plans specific to EV infrastructure to enable rapid detection and mitigation of exploitation attempts.
8. Consider compensating controls such as application-layer firewalls or protocol whitelisting to validate message integrity before processing.
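The root cause described in the technical analysis (a declared length copied into a fixed-length heap buffer without validation) and the length checks that items 3, 4 and 8 ask for, as an added illustration in C. The frame layout, field sizes, buffer size and function names below are constructed for this example and are not Autel's protocol or firmware.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not Autel firmware. Hypothetical frame layout:
 * [1-byte message type][2-byte big-endian declared payload length][payload].
 * The parsed record keeps its payload in a fixed-size heap buffer. */
#define MSG_SLAVE_REGISTER 0x01
#define REG_PAYLOAD_MAX    32   /* size of the fixed-length heap buffer (assumed) */
#define HDR_LEN            3

typedef struct {
    uint8_t  type;
    uint16_t len;
    uint8_t *payload;           /* malloc'd, REG_PAYLOAD_MAX bytes */
} reg_record_t;

static uint16_t declared_len(const uint8_t *frame) {
    return (uint16_t)((frame[1] << 8) | frame[2]);
}

/* CWE-122 pattern: the length field is trusted and drives memcpy into a
 * fixed-size heap allocation. Kept for contrast only; never feed it untrusted frames. */
int handle_register_vulnerable(const uint8_t *frame, size_t frame_len,
                               reg_record_t *out) {
    if (frame_len < HDR_LEN || frame[0] != MSG_SLAVE_REGISTER) return -1;
    out->type = frame[0];
    out->len  = declared_len(frame);
    out->payload = malloc(REG_PAYLOAD_MAX);
    if (out->payload == NULL) return -1;
    memcpy(out->payload, frame + HDR_LEN, out->len);   /* no bound check */
    return 0;
}

/* Hardened handler: the declared length must fit both the destination buffer
 * and the bytes actually received before anything is copied. Return codes:
 * 0 ok, -1 malformed or alloc failure, -2 exceeds buffer, -3 claims more than received. */
int handle_register_safe(const uint8_t *frame, size_t frame_len,
                         reg_record_t *out) {
    if (frame_len < HDR_LEN || frame[0] != MSG_SLAVE_REGISTER) return -1;
    uint16_t len = declared_len(frame);
    if (len > REG_PAYLOAD_MAX)          return -2;
    if (len > frame_len - HDR_LEN)      return -3;
    out->type = frame[0];
    out->len  = len;
    out->payload = malloc(REG_PAYLOAD_MAX);
    if (out->payload == NULL) return -1;
    memcpy(out->payload, frame + HDR_LEN, len);
    return 0;
}
```

The same two comparisons (declared length against the destination size and against the bytes actually on the wire) are what an IDS/IPS signature or protocol-aware firewall would apply to reject oversized or forged frames before the device ever parses them.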


Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2025-06-06T19:17:13.239Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 685c3f5ae230f5b234855984

Added to database: 6/25/2025, 6:26:34 PM

Last enriched: 6/25/2025, 6:41:49 PM

Last updated: 8/17/2025, 2:42:03 AM

