CVE-2026-25114
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2Description
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
Analysis
Cloudcharge.Se's WebSocket API fails to implement authentication rate limiting, enabling attackers to launch denial-of-service attacks against charger infrastructure or conduct brute-force credential attacks without restriction. The vulnerability affects remote, unauthenticated attackers and could result in service disruption or unauthorized system access. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all WebSocket APIs in production and assess internet exposure; enable logging for authentication failures. Within 7 days: Implement rate limiting at the WAF/load balancer level, deploy network segmentation to restrict WebSocket access to trusted networks only, and establish monitoring for suspicious authentication patterns. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today