Introduction
Session hijacking and billing fraud are now practical threats for electric vehicle charging networks using ISO 15118-2. CVE-2025-12357 exposes a protocol-level flaw that allows attackers in close proximity to intercept or manipulate charging sessions before any cryptographic protections are in place. This vulnerability directly impacts the integrity and trustworthiness of public and fleet EV charging infrastructure.
ISO 15118-2 is an international standard that defines communication between electric vehicles and charging stations. It is widely adopted by EVSE (Electric Vehicle Supply Equipment) and vehicle manufacturers globally, forming the backbone of modern smart charging networks. The SLAC (Signal Level Attenuation Characterization) protocol is a foundational component of this standard, enabling physical association between a vehicle and a charger over powerline communication.
Technical Information
The vulnerability resides in the SLAC protocol, which is responsible for the initial physical pairing between an electric vehicle and a charging station using HomePlug Green PHY powerline communication. During the SLAC process, the vehicle (EVCC) sends out sounding messages to test the communication channel. The charger (EVSE) responds with attenuation measurements, which the vehicle uses to select the appropriate charger.
Critically, the SLAC protocol does not implement authentication or encryption for these messages. This design choice means any device within the same powerline segment or within electromagnetic coupling range can inject spoofed SLAC responses. An attacker can craft responses with manipulated attenuation values, causing the vehicle to associate with an attacker-controlled device rather than the legitimate charger. This establishes a man-in-the-middle position before any higher-layer security (such as TLS) is negotiated.
The root cause is a protocol design issue: SLAC does not restrict communication to intended endpoints and does not verify the authenticity of attenuation measurements (CWE-923). As a result, the attacker can intercept, modify, or inject messages throughout the charging session, potentially capturing credentials, altering billing data, or disrupting charging operations.
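Because SLAC replies are unauthenticated, the practical defence is to watch the attenuation-characterization exchange for replies that should not be there. The following is an added illustration, not code from the advisory or any vendor: a passive check over the CM_ATTEN_CHAR.IND replies an EV receives for one run, using a constructed message model, a constructed known-EVSE list, and heuristic thresholds that are assumptions for this example rather than values from ISO 15118.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AttenCharInd:
    """One CM_ATTEN_CHAR.IND reply as seen by a passive monitor (constructed model)."""
    run_id: str        # run identifier chosen by the EV and echoed by the responder
    src_mac: str       # source MAC of the replying device
    num_sounds: int    # number of sounding messages the responder claims it received
    atten_db: tuple    # per-group attenuation values in dB


def average_attenuation(reply: AttenCharInd) -> float:
    return sum(reply.atten_db) / len(reply.atten_db)


def check_slac_run(run_id, sounds_sent, replies, known_evse, floor_db=10):
    """Return findings for one SLAC run; an empty list means nothing suspicious.

    floor_db is an assumed sanity floor for this example: a reply averaging
    below it is treated as implausible rather than as the best charger.
    """
    findings = []
    seen = {}
    for r in (x for x in replies if x.run_id == run_id):
        if r.src_mac not in known_evse:
            findings.append(f"{r.src_mac}: responder not in the known-EVSE list")
        if r.num_sounds > sounds_sent:
            findings.append(f"{r.src_mac}: claims {r.num_sounds} sounds, EV sent {sounds_sent}")
        avg = average_attenuation(r)
        if avg < floor_db:
            findings.append(f"{r.src_mac}: implausibly low attenuation {avg:.1f} dB")
        if r.src_mac in seen and seen[r.src_mac] != r.atten_db:
            findings.append(f"{r.src_mac}: conflicting profiles within one run")
        seen[r.src_mac] = r.atten_db
    return findings


# Constructed sample: one legitimate charger and one unknown device answering
# the same run with a near-zero profile so that it would win the selection.
KNOWN_EVSE = {"00:11:22:33:44:55"}
SAMPLE_REPLIES = [
    AttenCharInd("run-7", "00:11:22:33:44:55", 10, (28, 29, 31, 30)),
    AttenCharInd("run-7", "66:77:88:99:aa:bb", 12, (2, 2, 3, 2)),
]

if __name__ == "__main__":
    for line in check_slac_run("run-7", 10, SAMPLE_REPLIES, KNOWN_EVSE):
        print("ALERT", line)
```

In a fleet depot the known-EVSE list is the operator's inventory; on public infrastructure the sounds-count and attenuation-floor checks still apply without it.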
Exploitation requires physical proximity to the charging infrastructure. This can be achieved by connecting to the same powerline segment or, in some scenarios, by using specialized hardware to inject signals wirelessly via electromagnetic induction. While the latter is less documented, it remains a theoretical risk highlighted in the advisory.
No public code snippets or exploit scripts are available for this vulnerability as of the advisory date.
Affected Systems and Versions
All implementations of ISO 15118-2 that use the SLAC protocol for EV-to-EVSE pairing are affected. This includes:
- Any EVSE (charging station) or vehicle supporting ISO 15118-2 SLAC pairing
- All firmware and software versions implementing the protocol as specified
- Both public and private charging deployments using HomePlug Green PHY
No vendor-specific or version-specific exclusions have been identified. The vulnerability is inherent to the protocol design and not tied to a particular product or firmware version.
Vendor Security History
The vulnerability is protocol-level and affects the entire ISO 15118-2 ecosystem. Previous research has documented inconsistent adoption of security best practices among EVSE vendors, including slow rollout of TLS and weak key management in some implementations. The industry has a mixed track record for timely patching, especially for embedded and long-lifecycle infrastructure. No single vendor is uniquely responsible for this issue.