CVE-2025-22369

Mennekes smart/premium charges systems, Arbitrary file download using ReadFile endpoint

CVE CVE-2025-22369
Title Mennekes smart/premium charges systems, Arbitrary file download using ReadFile endpoint
Credits
  • Wilco van Beijnum (finder)
  • Harm van den Brink (DIVD) (analyst)
  • Frank Breedijk (DIVD) (analyst)
Affected products
Product Affected Unaffected Unknown
Mennekes Smart / Premium charging stations >= * to < 2.15 (semver)
everything else
CVSS
Base score 7.1 - HIGH
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Privileges Required LOW
Confidentiality Impact
Vulnerable system HIGH Subsequent systems NONE
Integrity Impact
Vulnerable system NONE Subsequent systems NONE
Availability Impact
Vulnerable system NONE Subsequent systems NONE
Safety impact NEGLIGIBLE
Automatable YES
Recovery NOT_DEFINED
Value Density NOT_DEFINED
Vulnerability Response effort NOT_DEFINED
Provider Urgency NOT_DEFINED
References
Problem type(s) CWE-552 Files or Directories Accessible to External Parties
Impact(s) CAPEC-597 Absolute Path Traversal
Date published 10 Mar 2025 14:00 UTC
Last modified 11 Mar 2025 13:40 UTC

Description

The ReadFile endpoint of the firmware for Mennekes Smart / Premium charging points can be abused to read arbitrary files from the underlying OS.



