CVE-2026-25113

High

Published: 27 February 2026

Published

27 February 2026

Modified

05 March 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0010 28.0th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-25113 is a high-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in Swtchenergy Swtchenergy.Com. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Brute Force (T1110); ranked at the 28.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and SC-5 (Denial-of-service Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Brute Force (T1110) and 3 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-7 Unsuccessful Logon Attempts good match

preventdetect

AC-7 enforces limits on consecutive unsuccessful logon attempts and brute-force detection, directly mitigating the absence of restrictions on authentication requests that enable brute-force and resource exhaustion.

SC-5 Denial-of-service Protection good match

prevent

SC-5 requires denial-of-service protections tailored to prevent attacks that flood the WebSocket API with authentication requests, suppressing legitimate charger telemetry.

SI-4 System Monitoring partial match

detect

SI-4 enables continuous system monitoring to identify indicators of DoS or brute-force attacks through excessive authentication requests on the WebSocket interface.

MITRE ATT&CK Enterprise TechniquesAI

T1110 Brute Force Credential Access

Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.

attack.mitre.org →

T1110.001 Password Guessing Credential Access

Adversaries with no prior knowledge of legitimate credentials within the system or environment may guess passwords to attempt access to accounts.

attack.mitre.org →

T1110.003 Password Spraying Credential Access

Adversaries may use a single or small list of commonly used passwords against many different accounts to attempt to acquire valid account credentials.

attack.mitre.org →

T1499.002 Service Exhaustion Flood Impact

Adversaries may target the different network services provided by systems to conduct a denial of service (DoS).

attack.mitre.org →

Why these techniques?

Lack of auth rate limiting (CWE-307) directly enables brute-force/password guessing attacks (T1110 and subs) and service exhaustion DoS against telemetry (T1499.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized…

access.

Deeper analysisAI

CVE-2026-25113 is a vulnerability in the WebSocket Application Programming Interface that lacks restrictions on the number of authentication requests due to the absence of rate limiting. This issue affects components handling charger telemetry, as referenced in CISA ICS Advisory ICSA-26-057-06 and associated documentation from SWTCH Energy.

The vulnerability can be exploited by remote, unauthenticated attackers over the network with low attack complexity and no user interaction required. Attackers may conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or perform brute-force attacks to gain unauthorized access. The CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects high availability impact, with CWE-307 (Improper Restriction of Excessive Authentication Attempts) as the underlying weakness.

Mitigation guidance is provided in CISA ICS Advisory ICSA-26-057-06 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-06 and the corresponding CSAF JSON file at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-06.json. Additional support is available by contacting SWTCH Energy at https://swtchenergy.com/contact/.