Cloudcharge.Se
CVE-2026-25114
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
AnalysisAI
Cloudcharge.Se's WebSocket API fails to implement authentication rate limiting, enabling attackers to launch denial-of-service attacks against charger infrastructure or conduct brute-force credential attacks without restriction. The vulnerability affects remote, unauthenticated attackers and could result in service disruption or unauthorized system access. No patch is currently available.
Technical ContextAI
Classified as CWE-307 (Improper Restriction of Excessive Authentication Attempts). Affects Cloudcharge.Se. The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Cloudcharge.Se
View allMissing WebSocket authentication in industrial/IoT device management allows unauthenticated attackers to perform station
Session hijacking in Cloudcharge.Se's WebSocket backend allows remote attackers to impersonate legitimate charging stati
Cloudcharge.Se charging stations expose authentication credentials through publicly accessible web-based mapping platfor
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today