PatchSiren cyber security CVE debrief
CVE-2025-3606 Vestel CVE debrief
CVE-2025-3606 is a high-severity issue affecting Vestel AC Charger EVC04 that may allow an attacker to access files containing sensitive information, including credentials. The advisory’s CVSS v3.1 vector indicates a network-reachable, unauthenticated attack path with high confidentiality impact. Vestel and CISA recommend upgrading to V3.187 or later and reducing exposure of the device and its management interfaces.
- Vendor: Vestel
- Product: AC Charger EVC04
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-24
- Original CVE updated: 2025-04-24
- Advisory published: 2025-04-24
- Advisory updated: 2025-04-24
Who should care
Operators, maintainers, and integrators responsible for Vestel AC Charger EVC04 deployments should prioritize this issue, especially OT/ICS teams that expose the device or its web configuration interface on reachable networks.
Technical summary
The supplied CISA CSAF advisory identifies Vestel AC Charger EVC04: 3.75.0 as the affected product entry and describes a vulnerability that could let an attacker access files containing sensitive information such as credentials. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, which indicates a remotely reachable issue requiring no privileges or user interaction and impacting confidentiality only. Vestel’s remediation is to update to V3.187 or any higher version and to reduce network exposure and credential risk.
Defensive priority
High. This is a remotely reachable confidentiality issue in an ICS/OT product, with potential for credential disclosure and follow-on compromise if the exposed files are used for authentication or device management.
Recommended defensive actions
- Update Vestel AC Charger EVC04 to V3.187 or any higher version as recommended by Vestel.
- Reduce network exposure for the charger and its management interfaces; do not place them on open networks unless strictly required.
- Use VPNs for remote access and keep VPN components updated.
- Change the factory-default username and password on the webconfig page immediately.
- Remove printed or web-published installation, instruction, or quick-start documents that reveal login credentials.
- Review the device for signs of unauthorized file access or credential exposure and rotate any credentials that may have been disclosed.
Evidence notes
Primary evidence comes from the CISA CSAF advisory ICSA-25-114-03 and the machine-readable source item linked to CVE-2025-3606. The source states that Vestel AC Charger EVC04 is affected, that sensitive files such as credentials may be accessible, and that the vendor’s recommended fix is V3.187 or higher. The supplied enrichment indicates no KEV listing and no known ransomware campaign use.
Official resources
- CVE-2025-3606 CVE record (CVE.org)
- CVE-2025-3606 NVD detail (NVD)
- Source item: cisa_csaf
Publicly disclosed by CISA as ICSA-25-114-03 on 2025-04-24; no KEV entry or ransomware campaign linkage was provided in the supplied sources.