CVE-2025-55705

This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration control allows attackers to exploit this weakness by reusing valid charging station IDs to establish multiple sessions concurrently.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json	Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:evmapa:evmapa:*:*:*:*:*:*:*:*

History

12 Feb 2026, 18:02

Type	Values Removed	Values Added
References	~~() https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json -~~	() https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json - Third Party Advisory
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08 - Third Party Advisory, US Government Resource
First Time		Evmapa evmapa Evmapa
CPE		cpe:2.3:a:evmapa:evmapa::::::::

22 Jan 2026, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-22 23:15

Updated : 2026-02-12 18:02

NVD link : CVE-2025-55705

Mitre link : CVE-2025-55705

CVE.ORG link : CVE-2025-55705

JSON object : View

Products Affected

evmapa

evmapa

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2025-55705", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-01-22T23:15:50.137", "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json", "tags": ["Third Party Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability occurs when the system permits multiple simultaneous \nconnections to the backend using the same charging station ID. This can \nresult in unauthorized access, data inconsistency, or potential \nmanipulation of charging sessions. The lack of proper session management\n and expiration control allows attackers to exploit this weakness by \nreusing valid charging station IDs to establish multiple sessions \nconcurrently."}], "lastModified": "2026-02-12T18:02:38.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:evmapa:evmapa:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C85ACDB-38D2-4466-9206-529F45F4720E"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}