CVE-2025-24956 MEDIUM

Vendor Siemens
Product OpenV2G
Weakness CWE-120
Published February 11, 2025
Last update February 12, 2025

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

What the vulnerability does

01 Description

A vulnerability has been identified in OpenV2G (All versions < V0.9.6). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption.

Key dates

02 Disclosure timeline

February 11, 2025 CVE published
February 12, 2025 Record updated