Privilege Escalation Vulnerability in Autel MaxiCharger AC Wallbox by Autel
CVE-2025-5822

7.1HIGH

Key Information:

Vendor: Autel
Status: Autel Maxicharger Ac Wallbox Commercial
Vendor: CVE Published:; 25 June 2025

What is CVE-2025-5822?

The Autel MaxiCharger AC Wallbox Commercial Technician API contains a flaw that permits remote attackers to escalate their privileges. This vulnerability arises from improper authorization handling, allowing an attacker with a low-privileged authorization token to gain access to restricted resources. This could lead to unauthorized control over the charging stations, posing significant risks to security and operational integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Autel MaxiCharger AC Wallbox Commercial 1.36.00

References

https://www.zerodayinitiative.com/advisories/ZDI-25-340/

x_research-advisory

CVSS V3.0

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2025
Vulnerability Reserved
Jun 6, 2025

JSON

Autel