CVE-2025-5822

Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability

Description

Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain a low-privileged authorization token in order to exploit this vulnerability. The specific flaw exists within the implementation of the Autel Technician API. The issue results from incorrect authorization. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26325.

INFO

Published Date :

2025-06-25T18:00:49.179Z

Last Modified :

2025-06-26T13:18:05.218Z

Source :

zdi

AFFECTED PRODUCTS

The following products are affected by CVE-2025-5822 vulnerability.

Vendors	Products
Autel	Maxicharger Ac Elite Business C50 Maxicharger Ac Elite Business C50 Firmware Maxicharger Ac Pro Maxicharger Ac Pro Firmware Maxicharger Ac Ultra Maxicharger Ac Ultra Firmware Maxicharger Dc Compact Mobile Maxicharger Dc Compact Mobile Firmware Maxicharger Dc Compact Pedestal Maxicharger Dc Compact Pedestal Firmware Maxicharger Dc Fast Maxicharger Dc Fast Firmware Maxicharger Dc Hipower Maxicharger Dc Hipower Firmware Maxicharger Dh480 Maxicharger Dh480 Firmware Maxicharger Single Charger Maxicharger Single Charger Firmware

Vendors

Products

Autel

Maxicharger Ac Elite Business C50
Maxicharger Ac Elite Business C50 Firmware
Maxicharger Ac Pro
Maxicharger Ac Pro Firmware
Maxicharger Ac Ultra
Maxicharger Ac Ultra Firmware
Maxicharger Dc Compact Mobile
Maxicharger Dc Compact Mobile Firmware
Maxicharger Dc Compact Pedestal
Maxicharger Dc Compact Pedestal Firmware
Maxicharger Dc Fast
Maxicharger Dc Fast Firmware
Maxicharger Dc Hipower
Maxicharger Dc Hipower Firmware
Maxicharger Dh480
Maxicharger Dh480 Firmware
Maxicharger Single Charger
Maxicharger Single Charger Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-5822.

URL	Resource
https://www.zerodayinitiative.com/advisories/ZDI-25-340/

CVSS Vulnerability Scoring System

V3.1
V3.0

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact