CVE-2025-5822 – Autel MaxiCharger AC Wallbox Commercial Technician API Privilege Escalation Vulnerability

June 25, 2025

CVE ID : CVE-2025-5822

Published : June 25, 2025, 6:15 p.m. | 24 minutes ago

Description : Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain a low-privileged authorization token in order to exploit this vulnerability.

The specific flaw exists within the implementation of the Autel Technician API. The issue results from incorrect authorization. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26325.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5827 – Autel MaxiCharger AC Wallbox Commercial BLE Stack-based Buffer Overflow Remote Code Execution Vulnerability

Next Article CVE-2025-49550 – Adobe Commerce Incorrect Authorization Bypass Vulnerability

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

From Line To Layout: How Past Experiences Shape Your Design Career

Hire React.js Developers in the US: How to Choose the Right Team for Your Needs

Google’s coding agent Jules gets critique functionality

The best smartphones without AI features in 2025: Expert tested and recommended

GPT-5 was supposed to simplify ChatGPT but now it has 4 new modes – here’s why

Gemini just got two of ChatGPT’s best features – and they’re free

The HP OmniBook 5 laptop offers 34 hours of battery life – and it’s 60% off today only

Laravel Boost is released

Laravel Boost is released

Frontend Standards for Optimizely Configured Commerce: Clean & Scalable Web Best Practices

Live Agent Escalation in Copilot Studio Using D365 Omnichannel – Architecture and Use Case

OpenAI’s Sam Altman: GPT-5 fails to meet AGI standards amid Microsoft’s fading partnership — “it’s still missing something”

OpenAI’s Sam Altman: GPT-5 fails to meet AGI standards amid Microsoft’s fading partnership — “it’s still missing something”

You Think You Need a Monster PC to Run Local AI, Don’t You? — My Seven-Year-Old Mid-range Laptop Says Otherwise

8 Registry Tweaks that will Make File Explorer Faster and Easier to Use on Windows 11

CVE-2025-5822 – Autel MaxiCharger AC Wallbox Commercial Technician API Privilege Escalation Vulnerability

How the always-on generation can level up its cybersecurity game

Supply-chain dependencies: Check your resilience blind spot

CVE-2025-47271 – GitHub OZI Action Command Injection

Gaining a Competitive Edge with Advanced AI Agents🏁

CVE-2025-5137 – DedeCMS Distant Code Injection Vulnerability

Newer Intel GPU Support Now Available on Ubuntu 24.04 LTS

My time with HP’s most powerful gaming laptop ever shows OMEN is ready to compete with the big dogs

Quality begins with planning: Building software with the right mindset

CVE-2025-7942 – A vulnerability has been found in PHPGurukul Taxi

CVE-2025-28986 – Webaholicson Epicwin Plugin CSRF SQL Injection

CVE-2025-5822 – Autel MaxiCharger AC Wallbox Commercial Technician API Privilege Escalation Vulnerability

Related Posts