CVE-2025-6678 – Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure

June 25, 2025

CVE ID : CVE-2025-6678

Published : June 25, 2025, 6:15 p.m. | 24 minutes ago

Description : Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the Pile API. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-26352.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleKDE Update Turns Off Potentially Seizure Triggering Effect

Next Article CVE-2025-6621 – TOTOLINK CA300-PoE Os Command Injection Vulnerability

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-6678 – Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

CVE-2025-4531 – Seeyon Zhiyuan OA Web Application System Remote Code Injection Vulnerability

Countdown to the Kibo Connect Client Summit 2025

SQL-R1: A Reinforcement Learning-based NL2SQL Model that Outperforms Larger Systems in Complex Queries with Transparent and Accurate SQL Generation

CVE-2025-5291 – Master Slider WordPress Stored Cross-Site Scripting Vulnerability

Zencoder acquires Machinet to further improve its AI coding agents

SeedLM: Compressing LLM Weights into Seeds of Pseudo-Random Generators

CVE-2025-5682 – Drupal Klaro Cookie & Consent Management Cross-Site Scripting (XSS)

Jamie Oliver website serves up a side of malware

CVE-2025-6678 – Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure

Related Posts