CVE-2025-54816
published 2026-01-22CVE-2025-54816: This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. As…
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.42%
33.5th percentile
This vulnerability occurs when a WebSocket endpoint does not enforce
proper authentication mechanisms, allowing unauthorized users to
establish connections. As a result, attackers can exploit this weakness
to gain unauthorized access to sensitive data or perform unauthorized
actions. Given that no authentication is required, this can lead to
privilege escalation and potentially compromise the security of the
entire system.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| evmapa | evmapa | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target unauthenticated WebSocket endpoints in EVMAPA charging station management backend; any WebSocket connection established without authentication credentials should be flagged as suspicious ↗
- →Monitor for WebSocket connections to EVMAPA backend that lack BASIC authorization headers or WSS (WebSocket Secure) negotiation, particularly over plain WS ↗
- →Alert on privilege escalation attempts or unauthorized command execution originating from unauthenticated WebSocket sessions against EVMAPA OCPP endpoints ↗
- →Detect exploitation attempts via network: look for inbound WebSocket upgrade requests (HTTP 101) to EVMAPA OCPP endpoints from untrusted/external IP ranges with no authentication material (no Authorization header, no token) ↗
- ·All versions of EVMAPA are affected (vers:all/*); no version-based scoping is possible for detection — treat all deployed instances as vulnerable until patched ↗
- ·The vulnerability is specific to the OCPP WebSocket endpoint; EVMAPA's interim mitigation is VPN-based isolation for stations they supply, not a code fix — detections should account for VPN-tunnelled traffic still being at risk if the VPN is compromised ↗
- ·No known public exploitation has been reported at time of advisory publication; detections are pre-emptive ↗
- ·Deployment is geographically limited to Czechia and Slovakia; scope network monitoring accordingly ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
EVMAPA
cisa_ics·2026-01-22·CVSS 7.5
[HIGH] EVMAPA
ICS Advisory
##
EVMAPA
Release DateJanuary 22, 2026
Alert CodeICSA-26-022-08
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## Summary
Successful exploitation of these vulnerabilities could lead to degraded service, a denial-of-service, or unauthorized remote command execution, which could lead to spoofing or a manipulation of charging station statuses.
The following versions of EVMAPA are affected:
- EVMAPA (CVE-2025-54816, CVE-2025-53968, CVE-2025-55705)
CVSS
Vendor
Equipment
Vulnerabilities
| v3 9.4
| EVMAPA
| EVMAPA
| Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration
## Background
- Critical Infrastructure Sectors:
GHSA
GHSA-fpfh-v96r-h7v9: This vulnerability occurs when a WebSocket endpoint does not enforce
proper authentication mechanisms, allowing unauthorized users to
establish connec
ghsa_unreviewed·2026-01-23
CVE-2025-54816 [CRITICAL] CWE-306 GHSA-fpfh-v96r-h7v9: This vulnerability occurs when a WebSocket endpoint does not enforce
proper authentication mechanisms, allowing unauthorized users to
establish connec
This vulnerability occurs when a WebSocket endpoint does not enforce
proper authentication mechanisms, allowing unauthorized users to
establish connections. As a result, attackers can exploit this weakness
to gain unauthorized access to sensitive data or perform unauthorized
actions. Given that no authentication is required, this can lead to
privilege escalation and potentially compromise the security of the
entire system.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-01-22
Published