CVE-2025-5822 · HIGH 8.8 · EPSS percentile 23.8%

CVE-2025-5822

Description

Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain a low-privileged authorization token in order to exploit this vulnerability. The specific flaw exists within the implementation of the Autel Technician API. The issue results from incorrect authorization. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26325.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.32% probability of exploitation · percentile 23.8% · scored 2026-06-19T12:03:05Z
Published: 2025-06-25
Last modified: 2025-09-10

Underlying weaknesses · 1

CWE-863

References

  1. https://www.zerodayinitiative.com/advisories/ZDI-25-340/

Type      | Target                   | Confidence | Tier
Weakness  | Incorrect Authorization  | cwe-863    | 0% · live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE · CVE-2025-5830
CVE · CVE-2025-5827
CVE · CVE-2025-52263
CVE · CVE-2026-25851
CVE · CVE-2025-41682
CVE · CVE-2026-25192
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.