Skip to the content.

CVE-2025-5740

CVE CVE-2025-5740
Title
Affected products
Product Affected Unaffected Unknown
Schneider Electric EVLink WallBox = All Versions ()
everything else
CVSS Scenario 1 : GENERAL
Base score 8.6 - HIGH
Attack Vector NETWORK
Attack Complexity> LOW
Attack Requirements NONE
Privileges Required HIGH
Confidentiality Impact
Vulnerable system HIGH Subsequent systems NONE
Integrity Impact
Vulnerable system HIGH Subsequent systems NONE
Availability Impact
Vulnerable system HIGH Subsequent systems NONE
Safety impact NOT_DEFINED
Automatable NOT_DEFINED
Recovery NOT_DEFINED
Value Density NOT_DEFINED
Vulnerability Response effort NOT_DEFINED
Provider Urgency NOT_DEFINED

Scenario 2 : GENERAL
Base score: 7.2 (HIGH)
References https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-161-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-161-03.pdf
Problem type(s) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Date published
Last modified 10 Jun 2025 13:09 UTC

Description

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipulates file path.


JSON version.