CVE-2025-12357

Severity: MEDIUM (CVSS 3.1 base score 6.3)
Published: 2025-10-31
Source: [email protected]

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
CVE Published: Oct 31, 2025 - 16:15 (nvd)
Current rating: MEDIUM 6.3

Description

By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable wirelessly, within close proximity, via electromagnetic induction.

Analysis

This vulnerability in the Signal Level Attenuation Characterization (SLAC) protocol lets an attacker mount a man-in-the-middle attack between an electric vehicle and an ISO 15118-2 compliant charger by injecting spoofed signal level measurements. An attacker in close electromagnetic proximity can intercept and manipulate the wireless communication between the EV and the charger, potentially compromising the confidentiality and integrity of charging transactions. The CVSS score of 6.3 indicates medium severity with low exploitation complexity, but the EPSS score of 0.03% (6th percentile) suggests minimal real-world exploitation likelihood despite the critical nature of EV charging infrastructure.

Technical Context

The vulnerability is classified as CWE-923 (Improper Restriction of Communication Channel to Intended Endpoints) and lies in the SLAC protocol used under the ISO 15118-2 standards for power line communication between electric vehicles and charging stations. SLAC is used to characterize the power line channel and establish secure communications for the ISO 15118-2 handshake. The protocol relies on signal level measurements to validate communication quality; because these measurements are insufficiently validated, an attacker can inject crafted SLAC frames carrying spoofed attenuation values. Since SLAC runs over power line communication, which can be coupled inductively, exploitation requires close physical proximity but no network access or credentials. The attack surface covers every EV and charger implementation that complies with ISO 15118-2 without additionally binding SLAC measurements cryptographically to the vehicle identity.

Affected Products

Products implementing the ISO 15118-2 standard for power line communication (SLAC protocol) in electric vehicle charging systems are affected, specifically EV manufacturers and charging infrastructure providers whose implementations do not cryptographically validate SLAC signal level measurements. No CPE data is provided in the available intelligence; the references point to CISA advisory ICSA-25-303-01 and the International Electrotechnical Commission (IEC) contact page at https://www.iec.ch/contact?id=40499. Organizations should consult the full DHS CISA advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-25-303-01 and the CSAF report at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-303-01.json for affected product listings and version ranges, as these sources contain the authoritative vulnerability details from the reporting agency.

Remediation

Contact your EV charger and vehicle manufacturer to obtain firmware or software updates that implement cryptographic binding and validation of SLAC signal measurements as defined in the ISO 15118-2 security amendments. Refer to CISA advisory ICSA-25-303-01 (https://www.cisa.gov/news-events/ics-advisories/icsa-25-303-01) for vendor-specific patches and timelines. As interim mitigations, restrict physical access to charging infrastructure by deploying chargers in controlled facilities with electromagnetic shielding where possible, monitor for anomalous SLAC protocol behavior with power line analysis tools, and segment charging stations from critical business networks. Organizations unable to patch immediately should coordinate with vehicle OEMs to implement application-layer authentication mechanisms that do not depend solely on SLAC signal validation. Contact the IEC (https://www.iec.ch/contact?id=40499) for clarification on ISO 15118-2 compliance requirements and recommended implementation practices.
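The Technical Context section describes the weakness as spoofed attenuation values in SLAC frames, and the remediation above recommends monitoring for anomalous SLAC behavior with power line analysis tools. The following added example (not code from vuln.today, CISA, the IEC or any ISO 15118 implementation) shows what such monitoring can look like on the defender's side: it takes a constructed log of attenuation-characterization responses that chargers return to an EV during one SLAC run, compares them against per-charger baselines from earlier healthy sessions, and flags responders whose reported attenuation is physically implausible, unknown, far from baseline, or self-inconsistent. The record layout, MAC addresses, baseline table and all numeric thresholds are assumptions made for the illustration, not values from the standard or the advisory.

```python
"""Flag anomalous SLAC attenuation reports in a constructed monitor log.

Added illustration; not code from vuln.today, CISA or any ISO 15118 project.
Assumptions (not from the advisory): a power line analysis tool exports one
record per attenuation-characterization response a charger sends back to an
EV; earlier healthy sessions give a per-charger attenuation baseline; the
numeric thresholds are illustrative, not values from the standard.
"""
from dataclasses import dataclass
from statistics import mean
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class AttenReport:
    run_id: str                   # SLAC session identifier chosen by the EV
    evse_mac: str                 # source address of the responding charger
    atten_db: Tuple[float, ...]   # per-group attenuation values in dB
    ts: float                     # capture time in seconds


# Constructed baseline: mean attenuation seen from each known charger in
# previous healthy sessions (assumed values).
BASELINES: Dict[str, float] = {
    "00:01:87:aa:00:01": 31.0,
    "00:01:87:aa:00:02": 38.0,
}

MIN_PLAUSIBLE_DB = 10.0            # assumed floor: a real cable/coupler path is lossier
MAX_BASELINE_DRIFT_DB = 12.0       # assumed tolerance around a charger's baseline
MAX_INTRA_SESSION_SPREAD_DB = 6.0  # assumed tolerance between repeats from one source


def _avg(report: AttenReport) -> float:
    return mean(report.atten_db)


def analyze_session(reports: Iterable[AttenReport],
                    baselines: Dict[str, float] = BASELINES) -> List[Tuple[str, str]]:
    """Return (evse_mac, reason) findings for the reports of one SLAC run.

    Rules (defensive heuristics, all assumptions):
      implausibly_low_attenuation - average below the physical floor
      unknown_responder           - source never seen in the baseline table
      baseline_drift              - known charger far from its usual attenuation
      inconsistent_reports        - repeats from one source disagree widely
    """
    by_src: Dict[str, List[AttenReport]] = {}
    for r in reports:
        by_src.setdefault(r.evse_mac, []).append(r)

    findings: List[Tuple[str, str]] = []
    for src, rs in by_src.items():
        per_report = [_avg(r) for r in rs]
        avg = mean(per_report)
        if avg < MIN_PLAUSIBLE_DB:
            findings.append((src, "implausibly_low_attenuation"))
        if src not in baselines:
            findings.append((src, "unknown_responder"))
        elif abs(avg - baselines[src]) > MAX_BASELINE_DRIFT_DB:
            findings.append((src, "baseline_drift"))
        if max(per_report) - min(per_report) > MAX_INTRA_SESSION_SPREAD_DB:
            findings.append((src, "inconsistent_reports"))
    return findings


def select_winner(reports: Iterable[AttenReport]) -> Optional[str]:
    """Charger the EV would pair with: the responder reporting the lowest attenuation."""
    best: Optional[Tuple[float, str]] = None
    for r in reports:
        cand = (_avg(r), r.evse_mac)
        if best is None or cand < best:
            best = cand
    return best[1] if best else None


def session_verdict(reports: List[AttenReport],
                    baselines: Dict[str, float] = BASELINES) -> str:
    """'ok' (no findings), 'suspicious' (findings on a losing responder) or
    'winner_flagged' (the charger the EV would select is itself flagged)."""
    findings = analyze_session(reports, baselines)
    if not findings:
        return "ok"
    winner = select_winner(reports)
    return "winner_flagged" if any(src == winner for src, _ in findings) else "suspicious"


# Constructed sample sessions (two known chargers within range of one EV).
HEALTHY = [
    AttenReport("run-1", "00:01:87:aa:00:01", (30.0, 31.0, 32.0), 0.00),
    AttenReport("run-1", "00:01:87:aa:00:02", (37.0, 38.0, 39.0), 0.01),
]
SPOOFED = HEALTHY[:1] + [
    AttenReport("run-2", "00:01:87:aa:00:02", (37.0, 38.0, 39.0), 0.01),
    AttenReport("run-2", "02:00:00:00:00:99", (1.0, 2.0, 1.0), 0.02),  # unknown source, near-zero path
]
REPEATED = HEALTHY[:1] + [
    AttenReport("run-3", "00:01:87:aa:00:02", (37.0, 38.0, 39.0), 0.01),
    AttenReport("run-3", "00:01:87:aa:00:02", (45.0, 46.0, 47.0), 0.05),  # same charger, different story
]

if __name__ == "__main__":
    for name, session in (("healthy", HEALTHY), ("spoofed", SPOOFED), ("repeated", REPEATED)):
        print(name, session_verdict(session), analyze_session(session))
```

The verdict distinguishes a merely noisy session from one where the responder the EV would actually pair with is the anomalous one; the latter is the case that matters for the man-in-the-middle scenario in the description and is the condition worth alerting on.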

Priority Score

32 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +32
POC: 0


CVE-2025-12357 vulnerability details – vuln.today
