How to fix CVE-2025-55705?

Within 24 hours: Inventory all charging stations and document current connection states; implement emergency monitoring for duplicate concurrent connections per station ID. Within 7 days: Deploy network-level controls to restrict single station IDs to one active backend connection; conduct audit of recent session logs for suspicious patterns. Within 30 days: Evaluate vendor roadmap for patch availability; implement mandatory re-authentication protocols for backend connections; deploy enhanced logging and alerting for connection anomalies.

Is Evmapa affected by CVE-2025-55705?

CVE-2025-55705 allows attackers to bypass charging station authentication by establishing multiple simultaneous connections with the same station ID, potentially enabling unauthorized access to charging infrastructure and manipulation of billing/session data.

CVE-2025-55705

HIGH

2026-01-22 [email protected]

7.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 22, 2026 - 23:15 nvd

HIGH 7.3

Description

This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack of proper session management and expiration control allows attackers to exploit this weakness by reusing valid charging station IDs to establish multiple sessions concurrently.

Analysis

Technical Context

Classified as CWE-613 (Insufficient Session Expiration). Affects Evmapa. This vulnerability occurs when the system permits multiple simultaneous

connections to the backend using the same charging station ID. This can

result in unauthorized access, data inconsistency, or potential

manipulation of charging sessions. The lack of proper session management

and expiration control allows attackers to exploit this weakness by

reusing valid charging station IDs to establish multiple sessions

concurrently.

Affected Products

Vendor: Evmapa. Product: Evmapa.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: 0

CVE-2025-55705 vulnerability details – vuln.today

Back

CVE-2025-55705

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-55705

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code