CVE-2025-55705 is a high-severity EVMAPA vulnerability in which the backend can accept multiple simultaneous connections using the same charging station ID (CBID). According to CISA’s advisory, weak session management and expiration control can let an attacker reuse a valid station ID to establish concurrent sessions, creating risk of unauthorized access, inconsistent data, and manipulation of charging se [truncated]
CVE-2025-54816 is a critical authentication weakness in EVMAPA’s WebSocket-based charging-station communications. The CISA advisory says a WebSocket endpoint can be reached without proper authentication, allowing unauthorized users to establish connections and potentially access sensitive data or perform unauthorized actions. In an ICS/OT context, that can translate into privilege escalation and broader s [truncated]
CVE-2025-53968 is a high-severity authentication weakness described by CISA as an unlimited authentication-attempt condition in EVMAPA. Because there are no limits on the number of authentication attempts, an attacker can repeatedly submit requests and potentially exhaust the authentication service, leading to denial of service and creating conditions favorable for brute-force guessing attempts.
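The two backend conditions described above for CVE-2025-55705 and CVE-2025-53968 (concurrent sessions on one station ID, and unbounded authentication attempts) can be closed by a small admission gate in front of the connection handler. The sketch below is an added example, not code from the CISA advisory or the vendor; `StationGate`, its methods, the station IDs and all thresholds are hypothetical, and `credential_ok` stands for the result of a credential check performed elsewhere.

```python
import time
from collections import defaultdict, deque

class StationGate:
    """Per-station admission control for a charging backend (hypothetical sketch)."""

    def __init__(self, max_failures=5, window=60.0, session_ttl=300.0):
        self.max_failures = max_failures     # failed attempts allowed per window
        self.window = window                 # seconds over which failures are counted
        self.session_ttl = session_ttl       # idle seconds before a session expires
        self._failures = defaultdict(deque)  # station_id -> failure timestamps
        self._sessions = {}                  # station_id -> (conn_id, last_seen)

    def _throttled(self, station_id, now):
        q = self._failures[station_id]
        while q and now - q[0] > self.window:
            q.popleft()                      # forget failures outside the window
        return len(q) >= self.max_failures

    def admit(self, station_id, conn_id, credential_ok, now=None):
        """Return 'accepted', 'throttled', 'bad_credential' or 'duplicate'."""
        now = time.monotonic() if now is None else now
        if self._throttled(station_id, now):
            return "throttled"               # refuse before any credential work
        if not credential_ok:
            self._failures[station_id].append(now)
            return "bad_credential"
        active = self._sessions.get(station_id)
        if active and now - active[1] <= self.session_ttl and active[0] != conn_id:
            return "duplicate"               # a live session already owns this ID
        self._sessions[station_id] = (conn_id, now)
        return "accepted"

    def heartbeat(self, station_id, conn_id, now=None):
        """Refresh last_seen; only the connection that owns the session may do so."""
        now = time.monotonic() if now is None else now
        active = self._sessions.get(station_id)
        if not active or active[0] != conn_id or now - active[1] > self.session_ttl:
            return False
        self._sessions[station_id] = (conn_id, now)
        return True

def demo():
    # Constructed sample traffic; timestamps are seconds on an arbitrary clock.
    gate = StationGate(max_failures=3, window=60.0, session_ttl=300.0)
    results = [gate.admit("CS-0001", "conn-A", True, now=0.0),    # first valid connection
               gate.admit("CS-0001", "conn-B", True, now=10.0),   # same ID, second socket
               gate.admit("CS-0001", "conn-B", True, now=400.0)]  # conn-A idle past the TTL
    results += [gate.admit("CS-0002", "conn-C", False, now=500.0 + i) for i in range(4)]
    return results
```

The throttle here is keyed only on the station ID, so a flood of bad attempts also locks out the legitimate station for the window; a deployment would normally count failures per source address as well. Each `duplicate` and `throttled` result is worth logging as a detection signal in its own right.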