CVE-2025-5741

CVE CVE-2025-5741
Title
Affected products
Product Affected Unaffected Unknown
Schneider Electric EVLink WallBox = All Versions ()
everything else
CVSS Scenario 1 : GENERAL
Base score 6.9 - MEDIUM
Attack Vector NETWORK
Attack Complexity> LOW
Attack Requirements NONE
Privileges Required HIGH
Confidentiality Impact
Vulnerable system HIGH Subsequent systems NONE
Integrity Impact
Vulnerable system NONE Subsequent systems NONE
Availability Impact
Vulnerable system NONE Subsequent systems NONE
Safety impact NOT_DEFINED
Automatable NOT_DEFINED
Recovery NOT_DEFINED
Value Density NOT_DEFINED
Vulnerability Response effort NOT_DEFINED
Provider Urgency NOT_DEFINED

Scenario 2 : GENERAL
Base score: 4.9 (MEDIUM)
References https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-161-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-161-03.pdf
Problem type(s) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Date published
Last modified 10 Jun 2025 13:08 UTC

Description

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server.

JSON version.