CVE-2025-12357

International Standards Organization ISO 15118-2 Improper Restriction of Communication Channel to Intended Endpoints

Description

By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable wirelessly, within close proximity, via electromagnetic induction.

INFO

Published Date :

2025-10-31T15:33:48.343Z

Last Modified :

2025-11-03T19:01:59.520Z

Source :

icscert

AFFECTED PRODUCTS

The following products are affected by CVE-2025-12357 vulnerability.

Vendors	Products
Iec	Ev Car Chargers

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-12357.

URL	Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-303-01.json
https://www.cisa.gov/news-events/ics-advisories/icsa-25-303-01
https://www.iec.ch/contact?id=40499

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact