Remote Denial-of-Service Vulnerability in Charging Stations Complying with German Calibration Law
CVE-2025-24002

5.3MEDIUM

Key Information:

Vendor: Phoenix Contact
Status: Charx Sec-3150; Charx Sec-3100; Charx Sec-3050; Charx Sec-3000
Vendor: CVE Published:; 8 July 2025

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2025-24002?

An unauthenticated remote attacker can exploit this vulnerability by sending specially crafted MQTT messages, causing a service disruption in charging stations that follow German Calibration Law. This results in a temporary denial-of-service state, requiring manual intervention via a watchdog restart to restore functionality.

Affected Version(s)

CHARX SEC-3000 0.0.0 <= 1.6.5

CHARX SEC-3050 0.0.0 <= 1.6.5

CHARX SEC-3100 0.0.0 <= 1.6.5

References

https://certvde.com/en/advisories/VDE-2025-014

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

Jesson Soto Ventura

Matthew Waddell