CVE-2025-5740

CVE

CVE-2025-5740

Title

Affected products

Product	Affected	Unaffected	Unknown
Schneider Electric EVLink WallBox	= All Versions ()
Schneider Electric EVLink WallBox		everything else

CVSS

Scenario 1 : GENERAL

Base score	8.6 - HIGH
Attack Vector	NETWORK
Attack Complexity>	LOW
Attack Requirements	NONE
Privileges Required	HIGH
Confidentiality Impact
Vulnerable system	HIGH	Subsequent systems	NONE
Integrity Impact
Vulnerable system	HIGH	Subsequent systems	NONE
Availability Impact
Vulnerable system	HIGH	Subsequent systems	NONE
Safety impact	NOT_DEFINED
Automatable	NOT_DEFINED
Recovery	NOT_DEFINED
Value Density	NOT_DEFINED
Vulnerability Response effort	NOT_DEFINED
Provider Urgency	NOT_DEFINED

Scenario 2 : GENERAL
Base score: 7.2 (HIGH)

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-161-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-161-03.pdf

Problem type(s)

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Date published

Last modified

10 Jun 2025 13:09 UTC

Description

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipulates file path.

JSON version.

DIVD CSIRT

CVE-2025-5740

Description