CVE-2025-5824
HIGHDescription
Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Wallbox Commercial. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the handling of bluetooth pairing requests. The issue results from insufficient validation of the origin of commands. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26353.
Is your site exposed to CVE-2025-5824?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| autel | maxicharger_ac_elite_business_c50_firmware |
| autel | maxicharger_ac_elite_business_c50_firmware |
| autel | maxicharger_ac_elite_business_c50 |
| autel | maxicharger_ac_pro_firmware |
| autel | maxicharger_ac_pro_firmware |
| autel | maxicharger_ac_pro |
| autel | maxicharger_ac_ultra_firmware |
| autel | maxicharger_ac_ultra_firmware |
| autel | maxicharger_ac_ultra |
| autel | maxicharger_dc_compact_mobile_firmware |
| autel | maxicharger_dc_compact_mobile_firmware |
| autel | maxicharger_dc_compact_mobile |
| autel | maxicharger_dc_compact_pedestal_firmware |
| autel | maxicharger_dc_compact_pedestal_firmware |
| autel | maxicharger_dc_compact_pedestal |
| autel | maxicharger_dc_fast_firmware |
| autel | maxicharger_dc_fast_firmware |
| autel | maxicharger_dc_fast |
| autel | maxicharger_dc_hipower_firmware |
| autel | maxicharger_dc_hipower_firmware |
| autel | maxicharger_dc_hipower |
| autel | maxicharger_dh480_firmware |
| autel | maxicharger_dh480_firmware |
| autel | maxicharger_dh480 |
| autel | maxicharger_single_charger_firmware |
| autel | maxicharger_single_charger_firmware |
| autel | maxicharger_single_charger |
References
Other References
Frequently Asked Questions
What is CVE-2025-5824? +
How severe is CVE-2025-5824? +
What products are affected by CVE-2025-5824? +
How do I check if I'm vulnerable to CVE-2025-5824? +
Related Vulnerabilities
OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may …
Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its …
Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to …
"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in …
In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to …
DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool …