PatchSiren cyber security CVE debrief
CVE-2025-7357 LITEON CVE debrief
CVE-2025-7357 affects LITEON IC48A and IC80A EV chargers. In the affected firmware versions, FTP-server-access credentials are written in cleartext to system logs, creating a sensitive information exposure risk. CISA published the advisory as ICSA-25-196-03 on 2025-07-15. LITEON lists fixed firmware versions of 01.00.20h for IC48A and 01.01.13m for IC80A.
- Vendor: LITEON
- Product: IC48A EV Charger
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-07-15
- Original CVE updated: 2025-07-15
- Advisory published: 2025-07-15
- Advisory updated: 2025-07-15
Who should care
Owners and operators of LITEON IC48A and IC80A EV chargers, charging-network administrators, OT/ICS security teams, and anyone responsible for firmware maintenance, log access control, or credential rotation on these systems.
Technical summary
The advisory states that IC48A firmware versions prior to 01.00.19r and IC80A firmware versions prior to 01.01.12e store FTP-server-access credentials in cleartext in system logs. The published CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating a confidentiality-focused issue with no integrity or availability impact in the scoring model. The practical security concern is that log access could expose FTP credentials and enable unauthorized access to related services or data.
Defensive priority
High. This is a credential exposure issue affecting industrial charging equipment, and exposed credentials can quickly become a broader access problem if the logs are accessible or the credentials are reused elsewhere. Patch and review logs promptly.
Recommended defensive actions
- Upgrade LITEON IC48A systems to firmware 01.00.20h or later.
- Upgrade LITEON IC80A systems to firmware 01.01.13m or later.
- Identify and review any logs that may contain FTP credentials, and remove or protect them according to your retention and access policies.
- Rotate any FTP credentials that may have been exposed in system logs.
- Restrict access to device logs, maintenance interfaces, and other administrative paths that can reveal sensitive information.
- Follow CISA ICS recommended practices for hardening and defense-in-depth on industrial control systems.
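One way to carry out the log review in the actions above, as an added example that is not from CISA, LITEON or this page's sources: the script flags log lines that carry cleartext FTP credentials and returns them redacted. The advisory does not document the charger's log format, so the three patterns and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed credential shapes. The advisory does not document the charger's log
# format, so these cover generic FTP forms: URL userinfo, the RFC 959 PASS
# command, and key=value pairs whose key contains "ftp" and "pass"/"pwd".
# The PASS pattern is case-sensitive to limit hits on ordinary words.
PATTERNS = [
    ("url", re.compile(r"(?i)(ftp://[^\s:/@]+:)([^\s@]+)(?=@)")),
    ("pass-cmd", re.compile(r"(\bPASS\s+)(\S+)")),
    ("key-value", re.compile(r"(?i)(\bftp\w*(?:pass\w*|pwd)\s*[=:]\s*)(\S+)")),
]
MASK = "[REDACTED]"

def redact(line):
    """Return (redacted_line, kinds); kinds names the patterns that matched."""
    kinds = []
    for kind, rx in PATTERNS:
        # Keep the prefix (scheme/user, command, or key) and mask the secret.
        line, hits = rx.subn(lambda m: m.group(1) + MASK, line)
        if hits:
            kinds.append(kind)
    return line, kinds

def scan(lines):
    """Return [(line_number, kinds, redacted_line)] for lines exposing a secret."""
    findings = []
    for number, raw in enumerate(lines, 1):
        clean, kinds = redact(raw.rstrip("\n"))
        if kinds:
            findings.append((number, kinds, clean))
    return findings

# Constructed sample lines, not taken from a real device.
SAMPLE = [
    "Jul 15 10:02:11 charger ocpp: heartbeat ok",
    "Jul 15 10:02:14 charger diag: upload to ftp://diaguser:S3cr3t!@192.0.2.10/logs",
    "Jul 15 10:02:15 charger ftpc: > USER diaguser",
    "Jul 15 10:02:15 charger ftpc: > PASS S3cr3t!",
    "Jul 15 10:02:20 charger cfg: ftp_password=S3cr3t! ftp_host=192.0.2.10",
]

if __name__ == "__main__":
    # Only redacted text is printed, so the report itself does not leak secrets.
    for number, kinds, clean in scan(SAMPLE):
        print(f"line {number} [{','.join(kinds)}]: {clean}")
```

Any credential on a flagged line should be treated as exposed and rotated, whether or not the log is later cleaned.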
Evidence notes
The vulnerability description in the supplied CISA CSAF source says the affected firmware versions store FTP-server-access credentials in cleartext in system logs. The same source lists the fixed versions and provides the CVSS vector and score. Timing should be read from the advisory publication date, 2025-07-15, which matches the supplied CVE published and modified timestamps.
Official resources
- CVE-2025-7357 CVE record (CVE.org)
- CVE-2025-7357 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed by CISA in advisory ICSA-25-196-03 on 2025-07-15, with the CVE published and modified the same day in the supplied timeline.