CVE-2025-7357

Summary

LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A firmware versions prior to 01.01.12e store FTP-server-access-credentials in cleartext in their system logs.

Affected Software

VendorProductVersion RangeStatus
LITEONIC48A EV Charger0 < 01.00.19raffected
LITEONIC80A EV Charger0 < 01.01.12eaffected

Weaknesses

  • CWE-256: CWE-256 Plaintext Storage of a Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References