CVE-2025-12357

Name of the Vulnerable Software and Affected Versions ISO 15118-2 compliant EV charging systems (affected versions not specified)

Description A flaw exists in the Signal Level Attenuation Characterization (SLAC) protocol used in electric vehicle (EV) charging systems that adhere to the ISO 15118-2 standard. This allows an attacker to manipulate measurements within the SLAC protocol to conduct a man-in-the-middle (MITM) attack. The attack can be performed wirelessly within a limited range using electromagnetic induction, enabling the attacker to intercept, modify, or forge communication between an electric vehicle and the charging station. This could lead to session hijacking and data exposure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.