EVMAPA Insufficient Session Expiration_CVE-2025-55705

7.3 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Description

This vulnerability occurs when the system permits multiple simultaneous
connections to the backend using the same charging station ID. This can
result in unauthorized access, data inconsistency, or potential
manipulation of charging sessions. The lack of proper session management
and expiration control allows attackers to exploit this weakness by
reusing valid charging station IDs to establish multiple sessions
concurrently.

Basic Information

ID CVE-2025-55705

Source icscert

Published Jan 22, 2026 at 22:32

Modified Jan 23, 2026 at 20:10

Affected Product

Vendor EVMAPA

Product EVMAPA

Version All versions

Affected Versions EVMAPA EVMAPA All versions

CWE Classification

CWE-613

References

{
    "lastseen": "",
    "description": "This vulnerability occurs when the system permits multiple simultaneous \nconnections to the backend using the same charging station ID. This can \nresult in unauthorized access, data inconsistency, or potential \nmanipulation of charging sessions. The lack of proper session management\n and expiration control allows attackers to exploit this weakness by \nreusing valid charging station IDs to establish multiple sessions \nconcurrently.",
    "published": "2026-01-22T22:32:48.138Z",
    "modified": "2026-01-23T20:10:44.688Z",
    "type": "cve",
    "title": "EVMAPA Insufficient Session Expiration",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json",
    "id": "CVE-2025-55705",
    "bulletinFamily": "",
    "cwe": [
        "CWE-613"
    ],
    "cvelist": null,
    "sourceData": "EVMAPA EVMAPA All versions",
    "sourceHref": "",
    "cvss": {
        "score": 7.3,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EVMAPA",
    "version": "All versions",
    "vendor": "EVMAPA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}