CVE-2025-55705 HIGH

CVE-2025-55705: EVMAPA Insufficient Session Expiration

Vendor Evmapa
Product EVMAPA
Weakness CWE-613 · Insufficient session expiration
Published January 22, 2026
Last update January 23, 2026

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration control allows attackers to exploit this weakness by reusing valid charging station IDs to establish multiple sessions concurrently.

Key dates

02Disclosure timeline

January 22, 2026 CVE published
January 23, 2026 Record updated