CVE-2026-25711

EPSS 0.05%
Veröffentlicht 26.02.2026 23:08:22
Zuletzt bearbeitet 02.03.2026 18:30:04
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

The WebSocket backend uses charging station identifiers to uniquely 
associate sessions but allows multiple endpoints to connect using the 
same session identifier. This implementation results in predictable 
session identifiers and enables session hijacking or shadowing, where 
the most recent connection displaces the legitimate charging station and
 receives backend commands intended for that station. This vulnerability
 may allow unauthorized users to authenticate as other users or enable a
 malicious actor to cause a denial-of-service condition by overwhelming 
the backend with valid session requests.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Chargemap ≫ Chargemap.Com

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.139

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ics-cert@hq.dhs.gov	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-613 Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

https://chargemap.com/en-us/support

Product

https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-05

Third Party Advisory

US Government Resource

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-05.json

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-25711

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-25711

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-25711

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-25711