CVE-2025-7357: CWE-256 Plaintext Storage of a Password in LITEON IC48A EV Charger
LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.
AI Analysis
Technical Summary
CVE-2025-7357 is a high-severity vulnerability affecting LITEON IC48A and IC80A electric vehicle (EV) chargers. Specifically, firmware versions prior to 01.00.19r for the IC48A and prior to 01.01.12e for the IC80A store FTP server access credentials in plaintext within their system logs. This vulnerability is classified under CWE-256, which covers plaintext storage of a password. The CVSS 4.0 base score of 8.7 reflects the seriousness of this flaw, with an attack vector that is network-based (AV:N), requiring no privileges (PR:N), no user interaction (UI:N), and no attack requirements (AT:N). The vulnerability impacts confidentiality (VC:H) severely, while integrity and availability are not affected (VI:N, VA:N). The lack of encryption or secure storage mechanisms for FTP credentials means that an attacker who can access the system logs, potentially remotely, can retrieve these credentials and gain unauthorized access to the FTP server. This could lead to further compromise of the EV charger infrastructure or connected systems. The vulnerability does not require user interaction or prior authentication, increasing its exploitability. Although no known exploits are currently reported in the wild, the straightforward nature of the vulnerability and the criticality of the affected systems make it a significant threat. The affected products are specialized EV chargers used in electric vehicle infrastructure, which are increasingly deployed in public and private charging stations. The exposure of FTP credentials could allow attackers to manipulate firmware, disrupt charging services, or exfiltrate sensitive operational data.
Potential Impact
For European organizations, this vulnerability poses a substantial risk to the integrity and confidentiality of EV charging infrastructure. As Europe aggressively expands its electric vehicle adoption and charging networks, compromised chargers could disrupt service availability, damage brand reputation, and potentially expose user data or operational details. Attackers leveraging stolen FTP credentials might upload malicious firmware or configuration files, leading to denial of service or unsafe charging conditions. Additionally, compromised chargers could serve as entry points into broader corporate or municipal networks, especially if connected to smart grid or IoT management systems. The impact extends beyond individual organizations to critical infrastructure sectors, including transportation and energy, which are tightly regulated and essential for economic stability. The vulnerability's ease of exploitation without authentication or user interaction increases the likelihood of automated attacks or widespread scanning by threat actors targeting EV infrastructure.
Mitigation Recommendations
Organizations should immediately verify the firmware versions of deployed LITEON IC48A and IC80A EV chargers and prioritize upgrading to versions 01.00.19r or later for IC48A and 01.01.12e or later for IC80A once available. In the absence of patches, restrict network access to the FTP service and system logs to trusted administrators only, using network segmentation and firewall rules. Implement monitoring and alerting for unusual FTP access patterns or log retrieval attempts. Where possible, disable FTP access if not essential or replace it with more secure protocols such as SFTP or FTPS that encrypt credentials in transit. Conduct regular audits of system logs to detect any exposure of sensitive credentials. Additionally, consider deploying endpoint detection and response (EDR) solutions on management systems interfacing with EV chargers to detect lateral movement or anomalous activities. Collaborate with LITEON and EV infrastructure providers to ensure timely updates and share threat intelligence related to this vulnerability. Finally, incorporate this vulnerability into incident response plans focusing on EV infrastructure compromise scenarios.
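The firmware check and log audit recommended above, as an added example (not code from LITEON or from this advisory). It assumes versions order by their numeric fields and then the trailing letter; the log lines and credential patterns are constructed, since the charger's real log format is not given here.

```python
import re

# Fixed firmware versions named in the advisory.
FIXED = {"IC48A": "01.00.19r", "IC80A": "01.01.12e"}

def parse_version(v):
    """Split 'NN.NN.NNx' into a sortable tuple (assumed ordering: numeric
    fields first, then the trailing letter)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", v.strip().lower())
    if not m:
        raise ValueError(f"unrecognised firmware version: {v!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4])

def is_affected(model, version):
    """True if the model is listed and its firmware predates the fix."""
    fixed = FIXED.get(model.upper())
    return fixed is not None and parse_version(version) < parse_version(fixed)

# Patterns that commonly reveal FTP credentials in text logs (assumed; the
# charger's real log format is not documented on this page).
CRED_PATTERNS = [
    re.compile(r"(ftp://[^\s:/@]+:)([^\s@]+)(@)", re.I),
    re.compile(r"(\bpass(?:word|wd)?\s*[=:]\s*)(\S+)()", re.I),
]

def audit_log(lines):
    """Return (line_number, redacted_line) for lines exposing a credential."""
    findings = []
    for n, line in enumerate(lines, 1):
        redacted = line
        for pat in CRED_PATTERNS:
            redacted = pat.sub(r"\1<redacted>\3", redacted)
        if redacted != line:
            findings.append((n, redacted.rstrip()))
    return findings

# Constructed sample data, not taken from a real charger.
SAMPLE_LOG = [
    "2025-07-01 10:00:01 fwupdate: connecting ftp://svc:Example123@198.51.100.7/fw.bin",
    "2025-07-01 10:00:02 fwupdate: transfer complete",
    "2025-07-01 10:00:05 ftp: user=svc password=Example123",
]

if __name__ == "__main__":
    for model, ver in [("IC48A", "01.00.18a"), ("IC80A", "01.01.12e")]:
        print(model, ver, "AFFECTED" if is_affected(model, ver) else "ok")
    for n, line in audit_log(SAMPLE_LOG):
        print(f"line {n}: {line}")
```

Findings are returned already redacted so the audit report does not become a second cleartext copy of the credential; any credential found this way should be rotated.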
Affected Countries
Germany, France, Netherlands, Norway, Sweden, United Kingdom
Technical Details
- Data Version: 5.1
- Assigner Short Name: icscert
- Date Reserved: 2025-07-08T14:32:29.576Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6877ccf3a83201eaacdc4943
Added to database: 7/16/2025, 4:01:55 PM
Last enriched: 7/16/2025, 4:16:09 PM
Last updated: 7/16/2025, 4:16:09 PM