CVE-2025-24956 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-24956 PUBLISHED CVSS 6.199999809265137 MEDIUM

A vulnerability has been identified in OpenV2G (All versions < V0.9.6). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption.

EPSS 0.36% · 58.2th percentile

Risk Scores

CVSS v3.1

6.199999809265137

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

EPSS Score

0.36%

58.2th percentile

Affected Products

Vendor	Product	Versions
siemens	openv2g	0
Siemens	OpenV2G	0

Timeline

Feb 11, 2025 CVE Published
Feb 11, 2025 PoC Published
Feb 11, 2025 PoC Published
Feb 11, 2025 PoC Published
Feb 11, 2025 PoC Published
Feb 12, 2025 EPSS Score
Feb 13, 2025 PoC Published
Feb 26, 2025 EPSS Score
Mar 12, 2025 EPSS Score
Mar 19, 2025 Coalition ESS Score
Mar 26, 2025 EPSS Score
Apr 9, 2025 EPSS Score

References

Open in Interactive Console →