Main Vulnerability Database SB2025042508

SB2025042508 - Information disclosure in Vestel AC Charger EVC04

Published: April 25, 2025

Security Bulletin ID SB2025042508

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-ID: CVE-2025-3606)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to exposure of sensitive system information to an unauthorized control sphere. A remote attacker can gain access to files containing sensitive information.

Remediation

Install update from vendor's website.

References

https://firebasestorage.googleapis.com/v0/b/vestel-shield.firebasestorage.app/o/PRODUCTION%2F1%2FVSA-1_R2.pdf?alt=media&token=8201f299-5014-4720-9200-f1b335736ac1
https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-03

SB2025042508 - Information disclosure in Vestel AC Charger EVC04

Breakdown by Severity

Description

Remediation

References

Please verify you're human