Heliox EV Charging Stn: Improper ACL via Cable (Pre-F4.11.1/L4.10.1)
CVE-2025-27769 Published on March 10, 2026

A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable.

NVD

Weakness Type

Improper Restriction of Communication Channel to Intended Endpoints

The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

Affected Versions

Siemens Heliox Flex 180 kW EV Charging Station:

Before F4.11.1 is affected.

Siemens Heliox Mobile DC 40 kW EV Charging Station:

Before L4.10.1 is affected.

Exploit Probability

EPSS

0.01%

Percentile

2.55%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Heliox EV Charging Stn: Improper ACL via Cable (Pre-F4.11.1/L4.10.1)CVE-2025-27769 Published on March 10, 2026

Weakness Type

Improper Restriction of Communication Channel to Intended Endpoints

Affected Versions

Exploit Probability

Heliox EV Charging Stn: Improper ACL via Cable (Pre-F4.11.1/L4.10.1)
CVE-2025-27769 Published on March 10, 2026