CVE-2025-3606

Vestel AC Charger Exposure of Sensitive System Information to an Unauthorized Control Sphere

Description

Vestel AC Charger version 3.75.0 contains a vulnerability that could enable an attacker to access files containing sensitive information, such as credentials, which could be used to further compromise the device.

Remediation

Solution:

  • Vestel strongly suggests that users of the related AC chargers update to version V3.187 or a higher version.

Workaround:

  • Avoid using open networks:
      * Use secure methods like virtual private networks (VPNs) for remote access. Regularly update VPNs to their latest versions and ensure that connected devices maintain strong security measures.
      * Reduce network exposure for applications and endpoints. Only make them accessible via the Internet if specifically designed for and required by their intended use.
  • Login Credentials Management:
      * Force end users to change the factory-default username and password of the webconfig page.
      * Remove any printed documents, such as the installation guide, instruction book, or quick start guide, from the web where login credentials are featured.

Please refer to Vestel's advisory https://firebasestorage.googleapis.com/v0/b/vestel-shield.firebasestorage.app/o/PRODUCTION%2F1%2FVSA-1_R2.pdf for more information.

Category

CVSS: 8.7
Severity: High
EPSS 0.04%
Affected: Vestel AC Charger EVC04

Frequently Asked Questions

What is the severity of CVE-2025-3606?
CVE-2025-3606 has been scored as a high severity vulnerability.
How to fix CVE-2025-3606?
To fix CVE-2025-3606: Vestel strongly suggests that users of the related AC chargers update to version V3.187 or a higher version.
Is CVE-2025-3606 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2025-3606 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-3606?
CVE-2025-3606 affects Vestel AC Charger EVC04.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.