CVE-2025-48415: CWE-749 Exposed Dangerous Method or Function in eCharge Hardy Barth cPH2 / cPP2 charging stations
A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands.
AI Analysis
Technical Summary
CVE-2025-48415 is a medium-severity vulnerability affecting eCharge Hardy Barth cPH2 and cPP2 electric vehicle charging stations with firmware versions up to 2.2.0. The vulnerability arises from an exposed dangerous method or function (CWE-749) that allows an attacker to exploit a USB backdoor feature. Specifically, if an attacker connects a USB drive containing a specially crafted configuration file named "salia.ini" to the charging station, the device processes this file and executes the commands embedded in it. These commands can manipulate the device configuration, enable an SSH backdoor, or execute arbitrary operating system commands, all without authentication or user interaction.

The vulnerability is local (AV:L) and requires physical access to the device, but it has low attack complexity (AC:L) and needs no privileges or user interaction (PR:N/UI:N). While confidentiality is not impacted, the integrity of the device is severely compromised, allowing attackers to alter configurations and potentially control the device remotely. Availability is not directly affected.

No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was published on May 21, 2025, and is tracked under CWE-749, which covers exposed dangerous methods or functions that can be misused by attackers. The CVSS v3.1 base score is 6.2, a medium severity level that primarily reflects the requirement of physical access and the lack of confidentiality impact.
Potential Impact
For European organizations deploying eCharge Hardy Barth cPH2 and cPP2 charging stations, this vulnerability poses a significant risk to the integrity and security of their EV charging infrastructure. Attackers with physical access could manipulate charging station configurations, potentially enabling unauthorized remote access via SSH backdoors. This could lead to unauthorized control over charging operations, data manipulation, or pivoting into internal networks if the charging stations are connected to corporate systems. Given the increasing adoption of EV infrastructure across Europe, especially in countries with strong EV market penetration and green energy initiatives, compromised charging stations could disrupt service availability indirectly by undermining trust or causing operational issues. Additionally, attackers could leverage the backdoor to conduct further attacks on connected networks, potentially impacting critical infrastructure. The lack of confidentiality impact reduces the risk of data leakage, but the integrity compromise and potential for remote control elevate the threat to a medium-high concern for organizations relying on these devices for public or private EV charging services.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Immediately restrict physical access to charging stations to trusted personnel only, employing physical security controls such as locked enclosures or surveillance.
2) Monitor and control USB port usage on charging stations, disabling USB ports if possible or using USB port locks to prevent unauthorized device connections.
3) Implement network segmentation to isolate charging stations from critical internal networks, limiting the potential impact of a compromised device.
4) Regularly audit device configurations and logs for signs of unauthorized changes or SSH backdoor activations.
5) Engage with eCharge Hardy Barth for firmware updates or patches addressing this vulnerability; if none are available, consider temporary operational controls such as disabling USB functionality or deploying compensating controls.
6) Train staff on the risks associated with physical access to charging infrastructure and the importance of securing USB interfaces.
7) Develop incident response plans specific to EV charging infrastructure compromise scenarios to enable rapid containment and remediation.
Affected Countries
Germany, France, Netherlands, Norway, Sweden, United Kingdom
Technical Details
- Data Version: 5.1
- Assigner Short Name: SEC-VLab
- Date Reserved: 2025-05-20T07:34:22.865Z
- CISA Enriched: false
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682dc591c4522896dcbfc973
Added to database: 5/21/2025, 12:22:41 PM
Last enriched: 7/6/2025, 4:56:52 AM
Last updated: 7/30/2025, 4:08:44 PM