CVE-2025-7357 - Vulnerability Details

LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00061.

Exploitation none

Automatable yes

Technical Impact partial

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-21723	LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.

Fixes

Solution

LITEON has released the following firmware versions for the following EV chargers: * LITEON IC48A: Firmware versions 01.00.20h * LITEON IC80A: Firmware versions 01.01.13m For more information, contact LITEON https://www.liteon.com/en/contact/contact-us .

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-25-196-03

History

Fri, 18 Jul 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 16 Jul 2025 16:00:00 +0000

Type	Values Removed	Values Added
Description		LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.
Title		Plaintext Storage of a Password in LITEON IC48A and IC80A EV Chargers
Weaknesses		CWE-256
References		https://www.cisa.gov/news-events/ics-advisories/icsa-25-196-03
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2025-07-16T15:56:33.623Z

Updated: 2025-07-18T14:38:53.584Z

Reserved: 2025-07-08T14:32:29.576Z

Link: CVE-2025-7357

Vulnrichment

Updated: 2025-07-18T14:38:50.433Z

NVD

Status : Awaiting Analysis

Published: 2025-07-16T16:15:29.627

Modified: 2025-07-17T21:15:50.197

Link: CVE-2025-7357

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object