CVE-2025-3606: Vestel AC Charger Exposure of Sensitive System Information to an Unauthorized Control Sphere

7.5 CVSS

Description

Vestel AC Charger version 3.75.0 contains a vulnerability that could enable an attacker to access files containing sensitive information, such as credentials which could be used to further compromise the device.

Classification

CVE ID: CVE-2025-3606

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-497

Affected Products

Vendor: Vestel

Product: AC Charger EVC04

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.82% (proportion of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-05-15 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3606
https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-03
https://firebasestorage.googleapis.com/v0/b/vestel-shield.firebasestorage.app/o/PRODUCTION%2F1%2FVSA-1_R2.pdf?alt=media&token=8201f299-5014-4720-9200-f1b335736ac1

Timeline