CVE-2026-25774: CWE-522 in EV Energy ev.energy
CVE-2026-25774 is a medium severity vulnerability affecting all versions of the EV Energy ev. energy product. The issue involves charging station authentication identifiers being publicly accessible through web-based mapping platforms, leading to potential unauthorized access or misuse. The vulnerability is classified under CWE-522, indicating insufficiently protected credentials. Exploitation requires no authentication or user interaction and can be performed remotely over the network. While no known exploits are currently in the wild, the exposure of authentication identifiers could lead to confidentiality and integrity impacts, such as unauthorized control or tracking of charging stations. Organizations using ev. energy should monitor for updates and implement compensating controls to restrict access to sensitive identifiers. Countries with significant EV infrastructure and adoption of ev. energy solutions are at higher risk.
AI Analysis
Technical Summary
CVE-2026-25774 identifies a vulnerability in the EV Energy ev.energy product where charging station authentication identifiers are publicly exposed via web-based mapping platforms. This exposure stems from insufficient protection of credentials (CWE-522), allowing attackers to obtain sensitive authentication data without requiring any privileges or user interaction. The vulnerability affects all versions of the product and can be exploited remotely over the network. The authentication identifiers are critical for controlling and managing charging stations, and their public availability could enable unauthorized entities to impersonate legitimate users or manipulate charging station operations. Although there is no evidence of active exploitation, the vulnerability presents a risk to confidentiality and integrity, potentially allowing attackers to track usage patterns, disrupt billing, or interfere with charging sessions. The CVSS 3.1 base score of 6.5 reflects a medium severity, considering the vulnerability's network accessibility, lack of required privileges, and the limited scope of impact on availability. The vulnerability was published on February 27, 2026, and no patches or mitigations have been officially released yet.
Potential Impact
The primary impact of this vulnerability is the compromise of confidentiality and integrity of charging station authentication identifiers. Unauthorized access to these identifiers could allow attackers to impersonate legitimate users or devices, potentially leading to fraudulent use of charging stations, manipulation of charging sessions, or unauthorized tracking of user behavior. While availability is not directly affected, the integrity compromise could indirectly disrupt normal operations or billing processes. Organizations deploying ev.energy solutions may face reputational damage, financial losses, and regulatory scrutiny if sensitive data is misused. The vulnerability could also undermine trust in EV infrastructure security, especially as electric vehicle adoption grows globally. The risk is heightened in regions with dense EV charging networks and widespread use of ev.energy products.
Mitigation Recommendations
Until official patches are released, organizations should implement compensating controls such as restricting access to web-based mapping platforms that expose authentication identifiers, using network segmentation to limit exposure of charging station management interfaces, and monitoring for unusual access patterns or unauthorized use of charging stations. Employing strong authentication and authorization mechanisms at the application layer can help mitigate risks from exposed identifiers. Additionally, organizations should engage with EV Energy for timely updates and patches, conduct regular security audits of their EV infrastructure, and educate users about the risks of sharing sensitive charging station information publicly. Implementing anomaly detection systems to identify suspicious activities related to charging stations can also reduce potential exploitation.
Affected Countries
United States, Germany, United Kingdom, Netherlands, France, China, Japan, South Korea, Canada, Australia
CVE-2026-25774: CWE-522 in EV Energy ev.energy
Description
CVE-2026-25774 is a medium severity vulnerability affecting all versions of the EV Energy ev. energy product. The issue involves charging station authentication identifiers being publicly accessible through web-based mapping platforms, leading to potential unauthorized access or misuse. The vulnerability is classified under CWE-522, indicating insufficiently protected credentials. Exploitation requires no authentication or user interaction and can be performed remotely over the network. While no known exploits are currently in the wild, the exposure of authentication identifiers could lead to confidentiality and integrity impacts, such as unauthorized control or tracking of charging stations. Organizations using ev. energy should monitor for updates and implement compensating controls to restrict access to sensitive identifiers. Countries with significant EV infrastructure and adoption of ev. energy solutions are at higher risk.
AI-Powered Analysis
Technical Analysis
CVE-2026-25774 identifies a vulnerability in the EV Energy ev.energy product where charging station authentication identifiers are publicly exposed via web-based mapping platforms. This exposure stems from insufficient protection of credentials (CWE-522), allowing attackers to obtain sensitive authentication data without requiring any privileges or user interaction. The vulnerability affects all versions of the product and can be exploited remotely over the network. The authentication identifiers are critical for controlling and managing charging stations, and their public availability could enable unauthorized entities to impersonate legitimate users or manipulate charging station operations. Although there is no evidence of active exploitation, the vulnerability presents a risk to confidentiality and integrity, potentially allowing attackers to track usage patterns, disrupt billing, or interfere with charging sessions. The CVSS 3.1 base score of 6.5 reflects a medium severity, considering the vulnerability's network accessibility, lack of required privileges, and the limited scope of impact on availability. The vulnerability was published on February 27, 2026, and no patches or mitigations have been officially released yet.
Potential Impact
The primary impact of this vulnerability is the compromise of confidentiality and integrity of charging station authentication identifiers. Unauthorized access to these identifiers could allow attackers to impersonate legitimate users or devices, potentially leading to fraudulent use of charging stations, manipulation of charging sessions, or unauthorized tracking of user behavior. While availability is not directly affected, the integrity compromise could indirectly disrupt normal operations or billing processes. Organizations deploying ev.energy solutions may face reputational damage, financial losses, and regulatory scrutiny if sensitive data is misused. The vulnerability could also undermine trust in EV infrastructure security, especially as electric vehicle adoption grows globally. The risk is heightened in regions with dense EV charging networks and widespread use of ev.energy products.
Mitigation Recommendations
Until official patches are released, organizations should implement compensating controls such as restricting access to web-based mapping platforms that expose authentication identifiers, using network segmentation to limit exposure of charging station management interfaces, and monitoring for unusual access patterns or unauthorized use of charging stations. Employing strong authentication and authorization mechanisms at the application layer can help mitigate risks from exposed identifiers. Additionally, organizations should engage with EV Energy for timely updates and patches, conduct regular security audits of their EV infrastructure, and educate users about the risks of sharing sensitive charging station information publicly. Implementing anomaly detection systems to identify suspicious activities related to charging stations can also reduce potential exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- icscert
- Date Reserved
- 2026-02-24T00:16:49.664Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69a0ebae32ffcdb8a293f322
Added to database: 2/27/2026, 12:56:14 AM
Last enriched: 2/27/2026, 1:12:16 AM
Last updated: 2/27/2026, 3:34:29 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-3285: Out-of-Bounds Read in berry-lang berry
MediumCVE-2026-3284: Integer Overflow in libvips
MediumCVE-2026-3283: Out-of-Bounds Read in libvips
MediumCVE-2026-3282: Out-of-Bounds Read in libvips
MediumCVE-2026-3281: Heap-based Buffer Overflow in libvips
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.