CVE-2025-7357 - Vulnerability Details - OpenCVE

LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-25-196-03

History

Fri, 18 Jul 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 16 Jul 2025 16:00:00 +0000

Type	Values Removed	Values Added
Description		LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.
Title		Plaintext Storage of a Password in LITEON IC48A and IC80A EV Chargers
Weaknesses		CWE-256
References		https://www.cisa.gov/news-events/ics-advisories/icsa-25-196-03
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2025-07-16T15:56:33.623Z

Updated: 2025-07-18T14:38:53.584Z

Reserved: 2025-07-08T14:32:29.576Z

Link: CVE-2025-7357

Vulnrichment

Updated: 2025-07-18T14:38:50.433Z

NVD

Status : Awaiting Analysis

Published: 2025-07-16T16:15:29.627

Modified: 2025-07-17T21:15:50.197

Link: CVE-2025-7357

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-7357", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-07-08T14:32:29.576Z", "datePublished": "2025-07-16T15:56:33.623Z", "dateUpdated": "2025-07-18T14:38:53.584Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "IC48A EV Charger", "vendor": "LITEON", "versions": [{"lessThan": "01.00.19r", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "IC80A EV Charger", "vendor": "LITEON", "versions": [{"lessThan": "01.01.12e", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Murat Sagdullaev of Electrada"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.</p><br>"}], "value": "LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-256", "description": "CWE-256 Plaintext Storage of a Password", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-07-16T15:56:33.623Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-196-03"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>LITEON has released the following firmware versions for the following EV chargers:</p><ul><li>LITEON IC48A: Firmware versions 01.00.20h</li><li>LITEON IC80A: Firmware versions 01.01.13m</li></ul><p>For more information, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.liteon.com/en/contact/contact-us\">LITEON</a>.</p>\n\n<br>"}], "value": "LITEON has released the following firmware versions for the following EV chargers:\n\n * LITEON IC48A: Firmware versions 01.00.20h\n * LITEON IC80A: Firmware versions 01.01.13m\n\n\nFor more information, contact LITEON https://www.liteon.com/en/contact/contact-us ."}], "source": {"discovery": "UNKNOWN"}, "title": "Plaintext Storage of a Password in LITEON IC48A and IC80A EV Chargers", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-18T14:38:46.980127Z", "id": "CVE-2025-7357", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T14:38:53.584Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7357", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-18T14:38:46.980127Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T14:38:50.433Z"}}], "cna": {"title": "Plaintext Storage of a Password in LITEON IC48A and IC80A EV Chargers", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Murat Sagdullaev of Electrada"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "LITEON", "product": "IC48A EV Charger", "versions": [{"status": "affected", "version": "0", "lessThan": "01.00.19r", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "LITEON", "product": "IC80A EV Charger", "versions": [{"status": "affected", "version": "0", "lessThan": "01.01.12e", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "LITEON has released the following firmware versions for the following EV chargers:\n\n * LITEON IC48A: Firmware versions 01.00.20h\n * LITEON IC80A: Firmware versions 01.01.13m\n\n\nFor more information, contact LITEON https://www.liteon.com/en/contact/contact-us .", "supportingMedia": [{"type": "text/html", "value": "<p>LITEON has released the following firmware versions for the following EV chargers:</p><ul><li>LITEON IC48A: Firmware versions 01.00.20h</li><li>LITEON IC80A: Firmware versions 01.01.13m</li></ul><p>For more information, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.liteon.com/en/contact/contact-us\">LITEON</a>.</p>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-196-03", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.", "supportingMedia": [{"type": "text/html", "value": "<p>LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.</p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-256", "description": "CWE-256 Plaintext Storage of a Password"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-07-16T15:56:33.623Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7357", "state": "PUBLISHED", "dateUpdated": "2025-07-18T14:38:53.584Z", "dateReserved": "2025-07-08T14:32:29.576Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2025-07-16T15:56:33.623Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs."}, {"lang": "es", "value": "Las versiones de firmware de LITEON IC48A anteriores a 01.00.19r y las versiones de firmware de LITEON IC80A anteriores a 01.01.12e almacenan las credenciales de acceso al servidor FTP en texto sin formato en sus registros del sistema."}], "id": "CVE-2025-7357", "lastModified": "2025-07-17T21:15:50.197", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2025-07-16T16:15:29.627", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-196-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-256"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}