CVE-2025-5743

CVE CVE-2025-5743
Title
Affected products
Product Affected Unaffected Unknown
Schneider Electric EVLink WallBox = All Versions ()
everything else
CVSS Scenario 1 : GENERAL
Base score 7 - HIGH
Attack Vector NETWORK
Attack Complexity> LOW
Attack Requirements NONE
Privileges Required HIGH
Confidentiality Impact
Vulnerable system LOW Subsequent systems NONE
Integrity Impact
Vulnerable system HIGH Subsequent systems NONE
Availability Impact
Vulnerable system NONE Subsequent systems NONE
Safety impact NOT_DEFINED
Automatable NOT_DEFINED
Recovery NOT_DEFINED
Value Density NOT_DEFINED
Vulnerability Response effort NOT_DEFINED
Provider Urgency NOT_DEFINED

Scenario 2 : GENERAL
Base score: 5.5 (MEDIUM)
References https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-161-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-161-03.pdf
Problem type(s) CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Date published
Last modified 10 Jun 2025 13:07 UTC

Description

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters on the web server.

JSON version.