Platform: other
Component: csaf
CVE-2026-25192 describes a critical vulnerability in Chargeportal, allowing unauthorized station impersonation. Attackers can exploit this flaw to manipulate data sent to the backend, potentially leading to significant disruption and data corruption within charging networks. This vulnerability affects all versions of Chargeportal and requires immediate attention to mitigate the risk.
The primary impact of CVE-2026-25192 is the ability for an unauthenticated attacker to connect to the OCPP WebSocket endpoint. By leveraging a known or discovered charging station identifier, the attacker can then issue and receive OCPP commands as if they were a legitimate charging station. This effectively grants them unauthorized control over the charging infrastructure. The consequences are severe: attackers could manipulate charging sessions, alter billing data, disrupt charging operations, and potentially compromise the integrity of the entire charging network. The lack of authentication makes this vulnerability particularly dangerous, as it bypasses standard security controls and allows for easy exploitation.
CVE-2026-25192 was publicly disclosed on 2026-03-20. The vulnerability's CRITICAL CVSS score (9.4) indicates a high probability of exploitation. There are currently no known public proof-of-concept exploits, but the ease of exploitation makes it likely that such exploits will emerge. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.16% (36th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-25192 is to upgrade to a patched version of Chargeportal as soon as it becomes available. Until a patch is deployed, implement immediate workarounds to limit the potential impact. Network segmentation is crucial; isolate the Chargeportal server from other critical systems to limit lateral movement. Strict firewall rules should be enforced to restrict access to the OCPP WebSocket endpoint, allowing only authorized connections from known and trusted sources. Consider implementing rate limiting on the WebSocket endpoint to mitigate potential denial-of-service attacks. After applying any mitigations, verify functionality by attempting to connect to the OCPP WebSocket endpoint with an unauthorized identifier and confirming that access is denied.
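The verification step above (an unauthorized identifier must be refused) can be exercised against the gate that decides whether a WebSocket upgrade is accepted. The following is an added illustration, not Chargeportal's code: it contrasts the pattern the advisory describes (trusting any known station identifier in the URL) with a gate that binds the identifier to per-station HTTP Basic credentials, in the style of OCPP 1.6 security profile 1. The path layout, the station registry and the passwords are constructed assumptions.

```python
"""Authorization gate for an OCPP-J WebSocket upgrade request (stdlib only)."""
import base64
import hashlib
import hmac
from urllib.parse import urlparse


def _hash(salt: bytes, password: str) -> bytes:
    """Slow salted hash so the registry never holds plaintext station passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample registry: station id -> (salt, hashed password).
# A real backend would load this from its station store.
_SALT = b"constructed-salt"
STATIONS = {"CP-0001": (_SALT, _hash(_SALT, "station-secret-0001"))}


def station_id_from_path(path: str) -> str:
    """OCPP-J clients connect to <base>/<chargePointId>; use the last path segment."""
    return urlparse(path).path.rstrip("/").rsplit("/", 1)[-1]


def basic_header(user: str, password: str) -> dict:
    """Build the Authorization header a station would send (helper for tests)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}


def vulnerable_accept(path: str, headers: dict) -> bool:
    """Pattern the advisory describes: a known id alone is enough, no credential check."""
    return station_id_from_path(path) in STATIONS


def hardened_accept(path: str, headers: dict) -> bool:
    """Accept only if Basic credentials are present, the username equals the id in
    the URL, and the password matches the registry (constant-time comparison)."""
    cp_id = station_id_from_path(path)
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return False
    try:
        user, _, password = base64.b64decode(auth[6:], validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return False
    if user != cp_id or cp_id not in STATIONS:
        return False
    salt, expected = STATIONS[cp_id]
    return hmac.compare_digest(_hash(salt, password), expected)
```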
Implementing robust authentication mechanisms for the WebSocket endpoints is recommended. Upgrading to the latest version of the software provided by the vendor, once it is available, is crucial. In addition, the charging infrastructure should be monitored to detect suspicious activity.
CVE-2026-25192 is a critical vulnerability in Chargeportal that allows unauthenticated attackers to impersonate charging stations and manipulate data via WebSocket endpoints, potentially leading to privilege escalation and data corruption.
Yes, all versions of Chargeportal are affected by this vulnerability. If you are using Chargeportal, you are at risk until you upgrade to a patched version or implement mitigating controls.
The primary fix is to upgrade to a patched version of Chargeportal as soon as it becomes available. Until then, implement network segmentation and strict firewall rules.
While there are no known public exploits currently, the ease of exploitation suggests a high likelihood of exploitation in the near future.
Please refer to the Chargeportal vendor website and security advisories for the latest information and official guidance regarding CVE-2026-25192.