
CVE-2025-3882: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in eCharge Hardy Barth cPH2

Severity: High
Tags: Vulnerability, CVE-2025-3882, cve, cve-2025-3882, cwe-78
Published: Thu May 22 2025 (05/22/2025, 00:48:37 UTC)
Source: CVE
Vendor/Project: eCharge Hardy Barth
Product: cPH2

Description

eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the dest parameter provided to the nwcheckexec.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-23114.

AI-Powered Analysis

Last updated: 07/07/2025, 09:57:44 UTC

Technical Analysis

CVE-2025-3882 is a high-severity remote code execution vulnerability affecting the eCharge Hardy Barth cPH2 electric vehicle charging stations, specifically version 2.0.4. The vulnerability stems from improper neutralization of special elements in the 'dest' parameter of the 'nwcheckexec.php' endpoint. This parameter is used in a system call without proper validation or sanitization, allowing an attacker to inject arbitrary OS commands. Exploitation requires no authentication and can be performed by network-adjacent attackers, meaning that an attacker only needs to be on the same network or have network access to the device. Successful exploitation enables execution of arbitrary code with the privileges of the 'www-data' user, which is typically the web server user on Linux-based systems. This can lead to full compromise of the charging station's software environment, potentially allowing attackers to manipulate charging operations, disrupt service availability, or pivot to other networked systems.

The vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), indicating a classic OS command injection flaw. The CVSS v3.0 base score is 8.8 (high severity), reflecting the ease of exploitation (no privileges or user interaction required), the network-adjacent attack vector, and the high impact on confidentiality, integrity, and availability. As of the publication date, no known exploits have been observed in the wild, but the vulnerability's nature and impact make it a significant risk for affected installations. No official patches or mitigation links have been provided yet, increasing the urgency for organizations to implement compensating controls.

Potential Impact

For European organizations deploying eCharge Hardy Barth cPH2 charging stations, this vulnerability poses a substantial risk. Electric vehicle charging infrastructure is critical for supporting the growing EV market and sustainable transportation goals across Europe. Exploitation could lead to unauthorized control over charging stations, causing service disruptions, denial of charging capabilities, or manipulation of billing and usage data. This could impact public charging networks, commercial fleets, and private installations, undermining trust in EV infrastructure. Additionally, compromised charging stations could serve as footholds for lateral movement within corporate or municipal networks, potentially exposing sensitive operational technology (OT) and IT systems. Given the increasing reliance on EV infrastructure in Europe, such disruptions could have cascading effects on transportation logistics and energy management. Confidentiality breaches could expose user data or operational details, while integrity violations might allow attackers to alter charging parameters or logs. Availability impacts could result in downtime or degraded service, affecting end users and operators alike.

Mitigation Recommendations

In the absence of an official patch, European organizations should immediately implement network segmentation to isolate charging stations from broader corporate or public networks, limiting attacker access. Deploy strict firewall rules to restrict access to the 'nwcheckexec.php' endpoint, ideally allowing only trusted management systems to communicate with the devices. Monitor network traffic for anomalous requests targeting the 'dest' parameter or unusual command execution patterns. Employ intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect exploitation attempts. Where possible, disable or restrict the vulnerable functionality if it is not essential for operations. Conduct regular audits of charging station firmware and software versions to identify affected devices. Engage with the vendor for timely updates and patches, and plan for rapid deployment once available. Additionally, implement strong logging and alerting mechanisms to detect suspicious activities on charging stations. Consider deploying endpoint protection solutions capable of detecting abnormal process executions on these devices. Finally, educate operational staff about the risks and signs of compromise related to EV charging infrastructure.
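One way to act on the monitoring recommendation above is to review web access logs for requests to 'nwcheckexec.php' whose 'dest' value is anything other than a plain host or IP, or that come from outside the management hosts. This is an added example, not vendor or advisory code; it assumes combined-format access logs, that 'dest' arrives in the query string (POST bodies do not appear in access logs), that legitimate values are hostnames or IP literals, and the request path, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: the device, or a proxy in front of it, writes combined-format access logs.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")
ENDPOINT = "/nwcheckexec.php"  # endpoint named in the advisory; the full path is assumed

def dest_is_plain_target(value):
    """Allowlist: accept only an IP literal or a DNS hostname (assumed legitimate use)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return len(value) <= 253 and HOSTNAME_RE.fullmatch(value) is not None

def review_line(line, trusted_sources):
    """Return a finding for a request to the endpoint that needs review, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m["target"])
    if not url.path.endswith(ENDPOINT):
        return None
    reasons = []
    if m["src"] not in trusted_sources:
        reasons.append("untrusted-source")
    dests = parse_qs(url.query, keep_blank_values=True).get("dest", [])
    if any(not dest_is_plain_target(d) for d in dests):
        reasons.append("dest-not-host-or-ip")
    if not reasons:
        return None
    return {"src": m["src"], "time": m["ts"], "status": m["status"], "reasons": reasons}

def scan(lines, trusted_sources):
    """Collect findings for every log line that needs review."""
    return [f for f in (review_line(l, trusted_sources) for l in lines) if f]

# Constructed sample lines: documentation address ranges, placeholder text after the separator.
TRUSTED = {"192.0.2.10"}
SAMPLE_LOG = [
    '192.0.2.10 - - [22/May/2025:10:00:01 +0000] "GET /nwcheckexec.php?dest=198.51.100.1 HTTP/1.1" 200 312',
    '192.0.2.77 - - [22/May/2025:10:03:12 +0000] "GET /nwcheckexec.php?dest=198.51.100.1%3BPLACEHOLDER HTTP/1.1" 200 0',
    '192.0.2.77 - - [22/May/2025:10:03:15 +0000] "GET /index.php HTTP/1.1" 200 1024',
    '192.0.2.10 - - [22/May/2025:10:05:40 +0000] "GET /nwcheckexec.php?dest=gateway.example%7CPLACEHOLDER HTTP/1.1" 200 0',
]
```

Because the check is an allowlist on the decoded value, it does not depend on enumerating shell metacharacters; the same rule can be expressed as an IDS/IPS signature or a reverse-proxy filter in front of the device.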


Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2025-04-22T21:42:39.872Z
Cisa Enriched: false
Cvss Version: 3.0
State: PUBLISHED

Threat ID: 682e78df0acd01a249253216

Added to database: 5/22/2025, 1:07:43 AM

Last enriched: 7/7/2025, 9:57:44 AM

Last updated: 7/30/2025, 4:08:56 PM
