CVE-2025-3606 Overview
CVE-2025-3606 is a sensitive information exposure vulnerability affecting Vestel AC Charger version 3.75.0. This vulnerability allows an unauthenticated attacker to remotely access files containing sensitive information, including credentials that could be leveraged to further compromise the electric vehicle charging device and potentially the broader infrastructure it connects to.
Critical Impact
Attackers can remotely access sensitive files containing credentials without authentication, enabling complete device compromise and potential lateral movement within EV charging infrastructure networks.
Affected Products
- Vestel AC Charger version 3.75.0
Discovery Timeline
- April 25, 2025 - CVE-2025-3606 published to NVD
- April 15, 2026 - Last updated in NVD database
Technical Details for CVE-2025-3606
Vulnerability Analysis
This vulnerability is classified under CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere). The Vestel AC Charger firmware contains a flaw that allows network-accessible attackers to read files that should be restricted, exposing sensitive system information including authentication credentials.
The vulnerability requires no authentication and can be exploited remotely over the network with low attack complexity. While the vulnerability only allows read access (compromising confidentiality), the exposed credentials can be weaponized for secondary attacks that could impact system integrity and availability.
Electric vehicle charging infrastructure represents a critical target due to its connection to electrical grids, building management systems, and payment processing networks. Compromise of these devices could enable attackers to pivot into connected systems or manipulate charging operations.
Root Cause
The root cause stems from improper access controls within the Vestel AC Charger firmware that fail to adequately protect sensitive configuration and credential files from unauthorized network access. The system exposes these files to unauthenticated remote requests, violating the principle of least privilege and secure-by-default design patterns expected in embedded IoT devices.
Attack Vector
The attack vector is network-based, requiring no user interaction or prior authentication. An attacker with network access to the vulnerable Vestel AC Charger can directly request and retrieve files containing sensitive information. The extracted credentials can then be used to authenticate to the device or potentially other systems if credential reuse exists across the infrastructure.
The vulnerability manifests through improper file access controls that expose sensitive configuration data. For technical exploitation details, refer to the CISA ICS Advisory ICSA-25-114-03 and Vestel Security Advisory.
Detection Methods for CVE-2025-3606
Indicators of Compromise
- Unusual network requests targeting configuration or credential file paths on Vestel AC Charger devices
- Unexpected authentication attempts using credentials associated with charging infrastructure
- Anomalous file access patterns in device logs indicating reconnaissance or exfiltration activity
- Unauthorized configuration changes to Vestel AC Charger devices
Detection Strategies
- Monitor network traffic to Vestel AC Charger devices for unusual HTTP/HTTPS requests attempting to access sensitive file paths
- Implement network segmentation monitoring to detect unauthorized access attempts from untrusted network segments
- Deploy intrusion detection signatures targeting known exploitation patterns for CWE-497 information exposure vulnerabilities
- Correlate authentication logs across charging infrastructure to identify credential abuse following potential exposure
Monitoring Recommendations
- Enable verbose logging on Vestel AC Charger devices and forward logs to a centralized SIEM for analysis
- Implement network-level monitoring for all traffic to and from EV charging infrastructure
- Establish baseline behavior for charging device communications to detect anomalies
- Monitor for new or unauthorized device connections within the charging network infrastructure
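The detection strategies and monitoring recommendations above can be turned into a concrete log check. The following is an added example written for this page, not code from Vestel or CISA. It assumes the charger (or a reverse proxy in front of it) emits combined-format HTTP access logs, that the trusted management subnet is 10.10.10.0/24 as in the segmentation rules later on this page, and that the sensitive-path watchlist is a placeholder to be replaced with the paths named in the vendor and CISA advisories. The sample log lines are constructed for the illustration.

```python
"""Flag suspicious HTTP requests to an EV charger's management interface.

Added illustration for CVE-2025-3606 detection; not vendor code. Log format,
trusted subnet and path watchlist are assumptions stated in the lead-in.
"""
import ipaddress
import re
from collections import defaultdict

# Trusted management subnet (same value as the firewall example on this page).
TRUSTED_NETS = [ipaddress.ip_network("10.10.10.0/24")]

# Assumed watchlist of request-path patterns. These are generic placeholders;
# tune them to the file paths the Vestel / CISA advisories identify.
SENSITIVE_PATH_PATTERNS = [
    re.compile(r"\.\./"),                                        # traversal sequences
    re.compile(r"(config|credential|passw|secret|backup)", re.I), # credential-bearing names
]

# Combined log format: client - - [time] "METHOD path PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample lines (not real charger logs).
SAMPLE_LOG = """\
10.10.10.5 - - [25/Apr/2025:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
10.10.10.5 - - [25/Apr/2025:10:01:09 +0000] "GET /status HTTP/1.1" 200 233
203.0.113.9 - - [25/Apr/2025:10:02:01 +0000] "GET /config/device.cfg HTTP/1.1" 200 2048
203.0.113.9 - - [25/Apr/2025:10:02:03 +0000] "GET /../../device.cfg HTTP/1.1" 404 0
203.0.113.9 - - [25/Apr/2025:10:02:04 +0000] "GET /backup.tar HTTP/1.1" 404 0
203.0.113.9 - - [25/Apr/2025:10:02:05 +0000] "GET /admin HTTP/1.1" 401 0
10.10.10.7 - - [25/Apr/2025:10:03:00 +0000] "GET /credentials.txt HTTP/1.1" 403 0
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(src):
    """True if the client address lies inside a trusted management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def analyze(log_text, recon_threshold=3):
    """Return a list of alert dicts with keys rule, src, path, status.

    Rules: untrusted-source (client outside the management subnet),
    sensitive-path-served / sensitive-path-attempt (watchlist hit, split by
    whether the device answered 200), recon-many-paths (one client touching
    recon_threshold or more distinct paths, a simple baseline deviation).
    """
    alerts = []
    paths_by_src = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        paths_by_src[rec["src"]].add(rec["path"])
        base = {"src": rec["src"], "path": rec["path"], "status": rec["status"]}
        if not is_trusted(rec["src"]):
            alerts.append({"rule": "untrusted-source", **base})
        if any(p.search(rec["path"]) for p in SENSITIVE_PATH_PATTERNS):
            rule = "sensitive-path-served" if rec["status"] == 200 else "sensitive-path-attempt"
            alerts.append({"rule": rule, **base})
    for src, paths in paths_by_src.items():
        if len(paths) >= recon_threshold:
            alerts.append({"rule": "recon-many-paths", "src": src,
                           "path": ";".join(sorted(paths)), "status": None})
    return alerts


def summarize(alerts):
    """Count alerts per rule, handy for a SIEM dashboard or a quick triage."""
    counts = {}
    for a in alerts:
        counts[a["rule"]] = counts.get(a["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for a in found:
        print(f"{a['rule']:24} src={a['src']} status={a['status']} path={a['path']}")
    print(summarize(found))
```

A 200 response to a watchlisted path from an untrusted source is the combination to escalate first, since it is the case where the device actually served the file; 4xx hits still document reconnaissance and feed the credential-abuse correlation the page recommends.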
How to Mitigate CVE-2025-3606
Immediate Actions Required
- Identify all Vestel AC Charger devices running version 3.75.0 in your environment
- Isolate vulnerable devices from untrusted network segments immediately
- Review access logs on affected devices for evidence of prior exploitation
- Change all credentials that may have been stored on or accessible from affected devices
Patch Information
Vestel has released a security advisory addressing this vulnerability. Organizations should consult the Vestel Security Advisory for firmware update instructions and apply the latest available firmware version that addresses CVE-2025-3606.
CISA has also published guidance in ICS Advisory ICSA-25-114-03 with additional defensive recommendations for industrial control system environments.
Workarounds
- Implement strict network segmentation to restrict access to Vestel AC Charger devices from trusted management networks only
- Deploy a web application firewall or network access control to filter malicious requests targeting vulnerable endpoints
- Disable any unnecessary network services on the charging devices to reduce attack surface
- Implement VPN-only access for remote management of charging infrastructure
# Example network segmentation configuration (firewall rules)
# Restrict access to the Vestel AC Charger management interface.
# Allow only the trusted management subnet (10.10.10.0/24) to reach the charger (192.168.1.100).
# These rules belong on the gateway that routes between the management and charger segments,
# so they go in the FORWARD chain; INPUT only governs traffic addressed to the gateway itself.
iptables -A FORWARD -s 10.10.10.0/24 -d 192.168.1.100 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -s 10.10.10.0/24 -d 192.168.1.100 -p tcp --dport 443 -j ACCEPT
# Everything else destined for the charger's web ports is dropped (rules are evaluated in order).
iptables -A FORWARD -d 192.168.1.100 -p tcp --dport 80 -j DROP
iptables -A FORWARD -d 192.168.1.100 -p tcp --dport 443 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.