CVE-2025-5824

Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability

Description

Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Wallbox Commercial. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the handling of bluetooth pairing requests. The issue results from insufficient validation of the origin of commands. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26353.

INFO

Published Date :

2025-06-25T17:59:54.446Z

Last Modified :

2025-06-25T18:21:28.310Z

Source :

zdi

AFFECTED PRODUCTS

The following products are affected by CVE-2025-5824 vulnerability.

Vendors	Products
Autel	Maxicharger Ac Elite Business C50 Maxicharger Ac Elite Business C50 Firmware Maxicharger Ac Pro Maxicharger Ac Pro Firmware Maxicharger Ac Ultra Maxicharger Ac Ultra Firmware Maxicharger Dc Compact Mobile Maxicharger Dc Compact Mobile Firmware Maxicharger Dc Compact Pedestal Maxicharger Dc Compact Pedestal Firmware Maxicharger Dc Fast Maxicharger Dc Fast Firmware Maxicharger Dc Hipower Maxicharger Dc Hipower Firmware Maxicharger Dh480 Maxicharger Dh480 Firmware Maxicharger Single Charger Maxicharger Single Charger Firmware

Vendors

Products

Autel

Maxicharger Ac Elite Business C50
Maxicharger Ac Elite Business C50 Firmware
Maxicharger Ac Pro
Maxicharger Ac Pro Firmware
Maxicharger Ac Ultra
Maxicharger Ac Ultra Firmware
Maxicharger Dc Compact Mobile
Maxicharger Dc Compact Mobile Firmware
Maxicharger Dc Compact Pedestal
Maxicharger Dc Compact Pedestal Firmware
Maxicharger Dc Fast
Maxicharger Dc Fast Firmware
Maxicharger Dc Hipower
Maxicharger Dc Hipower Firmware
Maxicharger Dh480
Maxicharger Dh480 Firmware
Maxicharger Single Charger
Maxicharger Single Charger Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-5824.

URL	Resource
https://www.zerodayinitiative.com/advisories/ZDI-25-343/

CVSS Vulnerability Scoring System

V3.1
V3.0

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact