Vulnerabilities in EV Chargers Expose Consumers to Cyber Threats
Severity: Medium (Score: 54.9)
Sources: Bitdefender
Summary
As electric vehicle (EV) chargers become more advanced, they inherit new vulnerabilities, particularly through power line communication (PLC) systems. The ISO 15118 standard, which facilitates communication between EVs and chargers, has been identified as having several weaknesses, including susceptibility to eavesdropping and man-in-the-middle (MiTM) attacks. A notable vulnerability, CVE-2025-12357, was published on October 31, 2025, highlighting risks associated with the SLAC pairing process. These vulnerabilities can lead to privacy issues, session manipulation, and billing abuse, affecting consumers who view their chargers merely as power devices. The lack of robust security measures such as TLS, combined with outdated firmware, increases the risk of exploitation. Homeowners are advised to treat their chargers as IoT endpoints and maintain good security practices, including regular firmware updates. The overall impact is significant, as compromised chargers can serve as weak points in broader network security.
Key Points:
- EV chargers are vulnerable to eavesdropping and MiTM attacks due to PLC weaknesses.
- CVE-2025-12357 highlights specific risks in the SLAC pairing process.
- Homeowners must treat EV chargers as IoT devices and ensure firmware is regularly updated.
Key Entities
- Denial-of-Service (attack_type)
- Denial of Service (attack_type)
- Man-in-the-Middle (attack_type)
- CVE-2025-12357 (cve)
- T1557 - Adversary-in-the-Middle (mitre_attack)
- HomePlug Green PHY (platform)
- ISO 15118 (platform)