CVE-2025-5747 · HIGH 8.0 · EPSS p26.9%

Description

WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501.

Scoring

CVSS 3.0: 8.0 (HIGH)
Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.35% probability of exploitation · percentile 26.9% · 2026-06-19T12:03:05Z
Published: 2025-06-06
Last modified: 2025-08-14

Underlying weaknesses · 1

CWE-115

References

  1. https://www.zerodayinitiative.com/advisories/ZDI-25-326/

Type | Target | Confidence | Tier
Weakness | Misinterpretation of Input cwe-115 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-5748
CVE: CVE-2025-5749
CVE: CVE-2025-5750
CVE: CVE-2025-5827
CVE: CVE-2025-5830
CVE: CVE-2025-5822

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.