Out-of-Bounds Write Vulnerability in Charging Stations by VDE
CVE-2025-24003

8.2HIGH

Key Information:

Vendor: Phoenix Contact
Status: Charx Sec-3150; Charx Sec-3100; Charx Sec-3050; Charx Sec-3000
Vendor: CVE Published:; 8 July 2025

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2025-24003?

An unauthenticated remote attacker can exploit vulnerabilities in charging stations compliant with German Calibration Law by sending specially crafted MQTT messages. This can lead to out-of-bounds write vulnerabilities that compromise the integrity of EichrechtAgents. Such exploitation not only risks the integrity of these agents but also could result in potential denial-of-service conditions for the affected charging stations.

Affected Version(s)

CHARX SEC-3000 0.0.0 <= 1.6.5

CHARX SEC-3050 0.0.0 <= 1.6.5

CHARX SEC-3100 0.0.0 <= 1.6.5

References

https://certvde.com/en/advisories/VDE-2025-014

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

Jesson Soto Ventura

Matthew Waddell