CVE-2025-27804: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in eCharge Hardy Barth cPH2 / cPP2 charging stations
Several OS command injection vulnerabilities exist in the device firmware, in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic, an attacker can execute arbitrary OS commands with root permissions.
AI Analysis
Technical Summary
CVE-2025-27804 is a vulnerability classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command) in the firmware of eCharge Hardy Barth cPH2 and cPP2 electric vehicle charging stations, specifically in the /var/salia/mqtt.php script. An attacker can inject arbitrary operating system commands by publishing specially crafted messages to a particular MQTT topic. The commands execute with root privileges, granting full control over the device. The attack vector is network-based (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), but the attacker must already hold high privileges (PR:H) to publish to the MQTT topic. The vulnerability has a high impact on confidentiality and integrity (C:H/I:H) but does not affect availability (A:N). Firmware versions up to and including 2.2.0 are affected. No patches or exploit code are currently publicly available, and no exploitation in the wild has been reported. The vulnerability poses a significant risk to EV charging infrastructure, potentially allowing attackers to manipulate charging station operations, extract sensitive data, or pivot into connected networks.
Potential Impact
For European organizations, this vulnerability threatens the security and reliability of electric vehicle charging infrastructure, which is critical for the ongoing transition to sustainable transport. Successful exploitation could lead to unauthorized control over charging stations, enabling attackers to disrupt services, manipulate billing data, or use the compromised devices as entry points into corporate or utility networks. This could result in data breaches, operational disruptions, and reputational damage. Given the root-level access, attackers could also install persistent malware or launch lateral attacks. The impact is particularly significant in countries with dense EV infrastructure and widespread deployment of eCharge Hardy Barth devices, potentially affecting public charging networks, fleet operators, and energy providers. The vulnerability could also undermine trust in EV infrastructure security, slowing adoption rates.
Mitigation Recommendations
Organizations should immediately verify the firmware versions of their eCharge Hardy Barth cPH2 and cPP2 charging stations and plan for prompt updates once patches become available. Until patches are released, network-level mitigations are critical: restrict MQTT topic access to trusted and authenticated users only, enforce strong authentication and authorization mechanisms on MQTT brokers, and segment charging station networks from critical corporate or utility infrastructure. Monitoring MQTT traffic for unusual or malformed messages can help detect attempted exploitation. Employing intrusion detection systems with signatures for MQTT anomalies is recommended. Additionally, disable or limit unnecessary MQTT topics and services on the devices. Vendors and operators should collaborate to accelerate patch development and deployment. Regular security audits of charging infrastructure and incident response plans tailored to IoT and OT environments will enhance resilience.
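A minimal payload screener for the MQTT monitoring recommended above, as an added example (not vendor code and not part of the original advisory): it flags shell metacharacters in JSON fields or raw payloads observed on a broker. The topic names and sample messages are constructed placeholders, and the metacharacter set is an assumption to tune per deployment.

```python
import json
import re

# Characters and sequences a shell treats specially; a value that ends up on a
# command line (interface name, address, number) should never contain them.
# This set is an assumption and will need tuning for legitimate traffic.
SHELL_META = re.compile(r"[;&|`<>\n\r\\]|\$\(|\$\{")

def _strings(value, path=""):
    """Yield (path, text) for every key and string value in decoded JSON."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield f"{path}/{key}#key", str(key)
            yield from _strings(item, f"{path}/{key}")
    elif isinstance(value, list):
        for i, item in enumerate(value):
            yield from _strings(item, f"{path}/{i}")
    elif isinstance(value, str):
        yield path or "/", value

def screen_message(topic, payload):
    """Return a list of findings for one MQTT publish; empty means clean."""
    try:
        text = payload.decode("utf-8")
    except UnicodeDecodeError:
        return [(topic, "/", "payload is not valid UTF-8")]
    try:
        fields = list(_strings(json.loads(text)))
    except json.JSONDecodeError:
        fields = [("/", text)]  # plain-text payload: screen it as a whole
    findings = []
    for path, value in fields:
        hit = SHELL_META.search(value)
        if hit:
            findings.append((topic, path, f"shell metacharacter {hit.group()!r}"))
    return findings

# Constructed sample publishes; the topic names are placeholders.
SAMPLES = [
    ("example/station/config", b'{"iface": "eth0", "mtu": 1500}'),
    ("example/station/config", b'{"iface": "eth0; id"}'),
    ("example/station/cmd", b"value=$(id)"),
    ("example/station/cmd", b"\xff\xfe"),
]

if __name__ == "__main__":
    for topic, payload in SAMPLES:
        print(topic, screen_message(topic, payload) or "clean")
```

A finding is a lead for triage rather than proof of exploitation: legitimate payloads that carry URLs or escaped strings will also match and should be allow-listed per topic.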
Affected Countries
Germany, Netherlands, France, Belgium, Austria, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: SEC-VLab
- Date Reserved: 2025-03-07T06:46:34.309Z
- CISA Enriched: false
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682dbe9bc4522896dcbfc03a
Added to database: 5/21/2025, 11:52:59 AM
Last enriched: 11/4/2025, 2:29:29 AM
Last updated: 11/20/2025, 3:10:46 AM