CVE-2025-5827 – Autel MaxiCharger AC Wallbox Commercial BLE Stack-based Buffer Overflow Remote Code Execution Vulnerability

June 25, 2025

CVE ID : CVE-2025-5827

Published : June 25, 2025, 6:15 p.m. | 44 minutes ago

Description : Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the ble_process_esp32_msg function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26369.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5825 – Autel MaxiCharger AC Wallbox Commercial Firmware Remote Code Execution Vulnerability

Next Article CVE-2025-5822 – Autel MaxiCharger AC Wallbox Commercial Technician API Privilege Escalation Vulnerability

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

From Line To Layout: How Past Experiences Shape Your Design Career

Hire React.js Developers in the US: How to Choose the Right Team for Your Needs

Google’s coding agent Jules gets critique functionality

The best smartphones without AI features in 2025: Expert tested and recommended

GPT-5 was supposed to simplify ChatGPT but now it has 4 new modes – here’s why

Gemini just got two of ChatGPT’s best features – and they’re free

I found the easiest way to send files between my Android phone and desktop – and it’s free

Laravel Boost is released

Laravel Boost is released

Frontend Standards for Optimizely Configured Commerce: Clean & Scalable Web Best Practices

Live Agent Escalation in Copilot Studio Using D365 Omnichannel – Architecture and Use Case

OpenAI’s Sam Altman: GPT-5 fails to meet AGI standards amid Microsoft’s fading partnership — “it’s still missing something”

OpenAI’s Sam Altman: GPT-5 fails to meet AGI standards amid Microsoft’s fading partnership — “it’s still missing something”

You Think You Need a Monster PC to Run Local AI, Don’t You? — My Seven-Year-Old Mid-range Laptop Says Otherwise

8 Registry Tweaks that will Make File Explorer Faster and Easier to Use on Windows 11

CVE-2025-5827 – Autel MaxiCharger AC Wallbox Commercial BLE Stack-based Buffer Overflow Remote Code Execution Vulnerability

How the always-on generation can level up its cybersecurity game

Supply-chain dependencies: Check your resilience blind spot

A Step-by-Step Coding Guide to Building a Gemini-Powered AI Startup Pitch Generator Using LiteLLM Framework, Gradio, and FPDF in Google Colab with PDF Export Support

CVE-2025-1056 – Axis Camera Station Pro File Path Traversal Vulnerability

CVE-2025-46652 – IZArc Mark-of-the-Web Bypass Information Disclosure Vulnerability

Sign up for T-Mobile 5G home internet and get $300 back – here’s how

CVE-2025-36014 – IBM Integration Bus for z/OS Code Injection Vulnerability

Raspberry Pi 5 Desktop Mini PC: Power Consumption

CVE-2025-47581 – Elbisnero WordPress Events Calendar Registration & Tickets Object Injection Vulnerability

Microsoft Bumps Up Zero Day Quest’s Prize Pool to $5 Million

CVE-2025-5827 – Autel MaxiCharger AC Wallbox Commercial BLE Stack-based Buffer Overflow Remote Code Execution Vulnerability

Related Posts