CVE-2025-5825
HIGHDescription
Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a firmware image before using it to perform an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26354.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| autel | maxicharger_ac_elite_business_c50_firmware |
| autel | maxicharger_ac_elite_business_c50_firmware |
| autel | maxicharger_ac_elite_business_c50 |
| autel | maxicharger_ac_pro_firmware |
| autel | maxicharger_ac_pro_firmware |
| autel | maxicharger_ac_pro |
| autel | maxicharger_ac_ultra_firmware |
| autel | maxicharger_ac_ultra_firmware |
| autel | maxicharger_ac_ultra |
| autel | maxicharger_dc_compact_mobile_firmware |
| autel | maxicharger_dc_compact_mobile_firmware |
| autel | maxicharger_dc_compact_mobile |
| autel | maxicharger_dc_compact_pedestal_firmware |
| autel | maxicharger_dc_compact_pedestal_firmware |
| autel | maxicharger_dc_compact_pedestal |
| autel | maxicharger_dc_fast_firmware |
| autel | maxicharger_dc_fast_firmware |
| autel | maxicharger_dc_fast |
| autel | maxicharger_dc_hipower_firmware |
| autel | maxicharger_dc_hipower_firmware |
| autel | maxicharger_dc_hipower |
| autel | maxicharger_dh480_firmware |
| autel | maxicharger_dh480_firmware |
| autel | maxicharger_dh480 |
| autel | maxicharger_single_charger_firmware |
| autel | maxicharger_single_charger_firmware |
| autel | maxicharger_single_charger |
References
Other References
Frequently Asked Questions
What is CVE-2025-5825? +
How severe is CVE-2025-5825? +
What products are affected by CVE-2025-5825? +
How do I check if I'm vulnerable to CVE-2025-5825? +
Related Vulnerabilities
Tesla Wall Connector Firmware Downgrade Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of …
An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker …
A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade …
Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. A high privileged attacker with local …
Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to …
Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges …