
CVE-2026-25774
Severity: Medium
Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CWE-522 — Weakness Type
Published: Feb 27, 2026  ·  Modified: Mar 5, 2026  ·  Source: NVD
CVSS v3: 6.5
🔗 NVD Official
📄 Description (English)

Charging station authentication identifiers are publicly accessible via web-based mapping platforms.

🤖 AI Executive Summary

CVE-2026-25774 exposes charging station authentication identifiers through publicly accessible web-based mapping platforms, affecting EV.energy products. Because the identifiers can be read from public map data, no complex attack chain is needed to obtain them and use them against charging infrastructure management systems. The issue is currently unpatched; exposure of authentication credentials poses a significant risk to EV charging networks, particularly in regions with rapidly growing electric vehicle adoption such as Saudi Arabia.

🤖 AI Intelligence Analysis (Analyzed: May 12, 2026 12:29)
🇸🇦 Saudi Arabia Impact Assessment
Saudi Arabia's Vision 2030 initiative heavily promotes electric vehicle adoption and charging infrastructure development. This vulnerability directly impacts:
1. Government entities managing national EV charging networks under ARAMCO and Ministry of Energy initiatives
2. Telecom operators (STC, Mobily) providing IoT connectivity for smart charging
3. Private sector companies deploying charging stations in major cities (Riyadh, Jeddah, Dammam)
4. Critical infrastructure protection under NCA oversight
Unauthorized access to charging station credentials could enable service disruption, data theft, or physical infrastructure tampering affecting national sustainability goals.
🏢 Affected Saudi Sectors
- Energy & Utilities (ARAMCO, Ministry of Energy)
- Government (NCA, Ministry of Transportation)
- Telecommunications (STC, Mobily, Zain)
- Transportation & Logistics
- Smart City Infrastructure
- Private Sector EV Operators
⚖️ Saudi Risk Score (AI)
7.2 / 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Audit all EV.energy deployments to identify exposed charging station identifiers on public mapping platforms
2. Contact EV.energy vendor immediately for security advisory and timeline for patches
3. Implement network segmentation isolating charging station management systems from public internet access
4. Disable public API endpoints exposing authentication identifiers

Compensating Controls:
5. Implement Web Application Firewall (WAF) rules to block unauthorized access to charging station APIs
6. Deploy API authentication requiring multi-factor authentication (MFA) for all administrative access
7. Rotate all exposed authentication credentials immediately
8. Implement IP whitelisting for charging station management interfaces
9. Enable comprehensive logging and monitoring of all charging station API access
10. Conduct security assessment of mapping platform integrations

Detection Rules:
- Monitor for unusual API calls to charging station endpoints from non-whitelisted IPs
- Alert on credential reuse patterns from public sources
- Track access to charging station configuration endpoints
- Monitor for bulk enumeration of charging station identifiers
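The two detection rules that can be expressed as log analytics (access to charging station configuration endpoints from addresses outside the management whitelist, and bulk enumeration of station identifiers by one source) are shown below as an added example. This is not code from the original page or from EV.energy; the log line format, the `/api/stations/<id>` path layout, the sample log lines and the `10.20.0.0/16` management network are all constructed for illustration.

```python
"""Added example (not from the original page or from EV.energy): two of the
detection rules above, run over constructed access-log lines.

Assumptions (all constructed for illustration):
  - log lines look like:  "<ISO timestamp> <src_ip> <METHOD> <path> <status>"
  - charging station endpoints live under /api/stations/<station_id>/...
  - the management whitelist is a list of CIDRs owned by the network operator
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2026-03-01T10:00:01Z 10.20.0.5 GET /api/stations/CS-1001/config 200
2026-03-01T10:00:03Z 10.20.0.5 POST /api/stations/CS-1001/config 200
2026-03-01T10:01:10Z 203.0.113.7 GET /api/stations/CS-1001 200
2026-03-01T10:01:11Z 203.0.113.7 GET /api/stations/CS-1002 200
2026-03-01T10:01:12Z 203.0.113.7 GET /api/stations/CS-1003 200
2026-03-01T10:01:13Z 203.0.113.7 GET /api/stations/CS-1004 200
2026-03-01T10:01:14Z 203.0.113.7 GET /api/stations/CS-1005 200
2026-03-01T10:01:15Z 203.0.113.7 GET /api/stations/CS-1006 200
2026-03-01T10:02:00Z 198.51.100.9 GET /api/stations/CS-2001/config 403
2026-03-01T10:30:00Z 10.20.0.8 GET /api/stations/CS-3001 200
"""

# Hypothetical management whitelist (assumption, not from the page).
MANAGEMENT_WHITELIST = [ipaddress.ip_network("10.20.0.0/16")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
STATION_RE = re.compile(r"^/api/stations/(?P<station>[A-Za-z0-9-]+)(?P<rest>/.*)?$")


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ev["ip"] = ipaddress.ip_address(ev["ip"])
        sm = STATION_RE.match(ev["path"])
        ev["station"] = sm.group("station") if sm else None
        ev["is_config"] = bool(sm and sm.group("rest") == "/config")
        events.append(ev)
    return events


def is_whitelisted(ip, whitelist=MANAGEMENT_WHITELIST):
    return any(ip in net for net in whitelist)


def detect_config_access_outside_whitelist(events, whitelist=MANAGEMENT_WHITELIST):
    """Rule: any request (allowed or denied) to a station configuration endpoint
    from an address outside the management whitelist."""
    return [
        (str(ev["ip"]), ev["station"], ev["status"])
        for ev in events
        if ev["is_config"] and not is_whitelisted(ev["ip"], whitelist)
    ]


def detect_bulk_enumeration(events, threshold=5, window=timedelta(minutes=5)):
    """Rule: one source touching more than `threshold` distinct station identifiers
    within `window` (sliding window over that source's events, sorted by time)."""
    by_ip = defaultdict(list)
    for ev in events:
        if ev["station"]:
            by_ip[ev["ip"]].append(ev)
    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, ev in enumerate(evs):
            while ev["ts"] - evs[start]["ts"] > window:
                start += 1
            distinct = {e["station"] for e in evs[start:end + 1]}
            if len(distinct) > threshold:
                alerts.append((str(ip), len(distinct)))
                break  # one alert per source is enough
    return alerts


def run_detections(text):
    events = parse_log(text)
    return {
        "config_access_outside_whitelist": detect_config_access_outside_whitelist(events),
        "bulk_enumeration": detect_bulk_enumeration(events),
    }


if __name__ == "__main__":
    for rule, hits in run_detections(SAMPLE_LOG).items():
        print(rule, hits)
```

On the constructed sample, the first rule flags the denied `/config` request from `198.51.100.9` (a 403 is still worth an alert, since it shows someone outside the management network probing configuration endpoints), and the second flags `203.0.113.7`, which touched six distinct station identifiers within a few seconds. The threshold and window are the knobs to tune against the operator's real traffic.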
🔧 Remediation Steps (Arabic version, translated)
Immediate Actions:
1. Audit all EV.energy deployments to identify charging station identifiers exposed on public mapping platforms
2. Contact the EV.energy vendor immediately for a security advisory and a patch timeline
3. Implement network segmentation to isolate charging station management systems from public internet access
4. Disable public API endpoints that expose authentication identifiers

Compensating Controls:
5. Implement Web Application Firewall (WAF) rules to block unauthorized access to the APIs
6. Deploy API authentication requiring multi-factor authentication (MFA) for all administrative access
7. Rotate all exposed credentials immediately
8. Implement IP whitelisting for charging station management interfaces
9. Enable comprehensive logging and monitoring of all access to charging station APIs
10. Conduct a security assessment of mapping platform integrations

Detection Rules:
- Monitor for unusual API calls to charging station endpoints from IP addresses not on the whitelist
- Alert on credential reuse patterns from public sources
- Track access to charging station configuration endpoints
- Monitor for bulk enumeration of charging station identifiers
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
- ECC 2024 A.5.1.1 - Access Control Policies
- ECC 2024 A.5.2.1 - User Registration and Access Rights Management
- ECC 2024 A.5.3.1 - Password Management
- ECC 2024 A.8.2.1 - Classification of Information
- ECC 2024 A.8.2.3 - Handling of Assets
- ECC 2024 A.12.4.1 - Event Logging
- ECC 2024 A.12.4.3 - Administrator and Operator Logs
🔵 SAMA CSF
- SAMA CSF ID.AM-2 - Software Platforms and Applications
- SAMA CSF PR.AC-1 - Access Control Policy
- SAMA CSF PR.AC-4 - Access Rights and Privileges
- SAMA CSF DE.AE-1 - Audit Logs
- SAMA CSF DE.CM-1 - Network Monitoring
🟡 ISO 27001:2022
- ISO 27001:2022 A.5.2 - Information Security Policies
- ISO 27001:2022 A.6.2 - Access Control
- ISO 27001:2022 A.8.2 - Asset Management
- ISO 27001:2022 A.8.3 - Media Handling
- ISO 27001:2022 A.9.2 - User Access Management
- ISO 27001:2022 A.9.4 - Access Rights Review
- ISO 27001:2022 A.12.4 - Logging
📦 Affected Products / CPE (1 entry)
- ev.energy:ev.energy
📊 CVSS Score
6.5 / 10.0 — Medium
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Attack Vector: N — Network
- Attack Complexity: L — Low
- Privileges Required: N — None
- User Interaction: N — None
- Scope: U — Unchanged
- Confidentiality: L — Low
- Integrity: L — Low
- Availability: N — None
📋 Quick Facts
- Severity: Medium
- CVSS Score: 6.5
- CWE: CWE-522
- Exploit: No
- Patch: ✗ No
- Published: 2026-02-27
- Source Feed: nvd
🇸🇦 Saudi Risk Score
7.2 / 10.0 — Saudi Risk, Priority: HIGH
🏷️ Tags
CWE-522