CVE-2025-48415: CWE-749 Exposed Dangerous Method or Function in eCharge Hardy Barth cPH2 / cPP2 charging stations
A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands.
AI Analysis
Technical Summary
CVE-2025-48415 is a vulnerability identified in eCharge Hardy Barth's cPH2 and cPP2 electric vehicle charging stations, specifically in firmware versions up to 2.2.0. The flaw arises from an exposed dangerous method or function (CWE-749) that manifests as a USB backdoor feature. When an attacker inserts a USB drive containing a specially crafted 'salia.ini' configuration file, the charging station parses this file and executes embedded commands without authentication or user interaction. These commands can export or modify the device's configuration, enable an SSH backdoor for persistent remote access, and execute arbitrary operating system commands. The attack vector is local (physical USB access), requiring no privileges or user interaction, which lowers the barrier for exploitation if physical access is obtained. The vulnerability does not impact confidentiality directly but severely compromises integrity by allowing unauthorized configuration changes and command execution. Availability is not directly affected. The CVSS 3.1 score of 6.2 reflects the medium severity, considering the local attack vector and high impact on integrity. No public exploits have been reported yet, but the potential for attackers to gain administrative control and establish persistent backdoors makes this a critical concern for operators of these charging stations. The lack of available patches at the time of disclosure necessitates immediate compensating controls to prevent exploitation.
Potential Impact
The primary impact of CVE-2025-48415 is the unauthorized administrative control over affected charging stations, which can lead to manipulation of device configurations and execution of arbitrary OS commands. For European organizations, this can disrupt EV charging infrastructure integrity, potentially leading to operational disruptions or unauthorized access to connected networks if the charging stations are networked. Attackers could enable SSH backdoors, facilitating persistent remote access and lateral movement within organizational networks. This risk is particularly acute for public or private EV charging operators, utilities, and smart city infrastructure providers. While confidentiality is not directly compromised, the integrity and trustworthiness of critical EV infrastructure are at risk, which could undermine user confidence and regulatory compliance. Additionally, compromised charging stations could be leveraged as entry points for broader cyberattacks against critical infrastructure. The medium severity rating suggests a significant but not catastrophic risk, emphasizing the need for timely mitigation to prevent escalation.
Mitigation Recommendations
1. Restrict physical access to charging stations by deploying them in secured or monitored locations to prevent unauthorized USB device insertion.
2. Implement strict USB device control policies, including disabling USB ports where possible or using endpoint security solutions that whitelist authorized USB devices.
3. Monitor charging station logs and network traffic for unusual configuration changes or SSH access attempts indicative of exploitation.
4. Coordinate with eCharge Hardy Barth for firmware updates or patches addressing this vulnerability and apply them promptly once available.
5. Conduct regular security audits of charging station configurations and network segmentation to limit potential lateral movement from compromised devices.
6. Educate maintenance and operational staff about the risks of unauthorized USB devices and enforce strict procedures for USB usage.
7. Consider deploying intrusion detection systems tailored to detect anomalous commands or backdoor activations on charging station management interfaces.
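Recommendations 3 and 7 ask operators to watch station logs for the sequence this backdoor produces: a USB mass-storage attach, a salia.ini load, an SSH service start and a configuration write in quick succession. The script below is an added example of that correlation, written for this page; it is not code from eCharge Hardy Barth or from the advisory. The syslog message formats, the host names and every log line are constructed assumptions standing in for whatever the real station emits, so the regular expressions would need to be adjusted to the actual firmware's log output.

```python
import re
from datetime import datetime

# Constructed sample syslog lines (assumption: not captured from a real cPH2/cPP2).
# Host names, timestamps and message texts are invented for the example.
SAMPLE_LOGS = """\
2025-06-01T08:00:05 charger-07 kernel: usb 1-1: new high-speed USB device number 4 using ehci-pci
2025-06-01T08:00:06 charger-07 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
2025-06-01T08:00:09 charger-07 salia: loaded /media/usb/salia.ini
2025-06-01T08:00:11 charger-07 systemd[1]: Started OpenBSD Secure Shell server.
2025-06-01T08:00:12 charger-07 salia: configuration written to /etc/salia/config
2025-06-01T14:30:00 charger-03 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
2025-06-01T14:30:03 charger-03 kernel: usb 1-1: USB disconnect, device number 4
2025-06-02T09:15:00 charger-07 sshd[812]: Accepted password for root from 10.0.5.23 port 50112 ssh2
"""

# "<iso timestamp> <host> <process>: <message>" (assumed layout of the forwarded log)
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<proc>[^:]+):\s+(?P<msg>.*)$")

# Indicator patterns; the first match in this order decides the event kind.
INDICATORS = [
    ("usb_storage_attached", re.compile(r"USB Mass Storage device detected")),
    ("salia_ini_loaded", re.compile(r"salia\.ini")),
    ("sshd_started", re.compile(r"Started OpenBSD Secure Shell server|Starting sshd", re.I)),
    ("config_written", re.compile(r"configuration written")),
    ("ssh_login", re.compile(r"Accepted \w+ for \S+ from \S+ port \d+ ssh2")),
]

# Events that, shortly after a USB storage attach, point at the backdoor being used.
POST_ATTACH_KINDS = {"salia_ini_loaded", "sshd_started", "config_written"}


def parse_line(line):
    """Split one syslog line into timestamp, host, kind (or None) and message."""
    m = LINE_RE.match(line)
    if not m:
        return None
    kind = next((k for k, rx in INDICATORS if rx.search(m["msg"])), None)
    return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
            "kind": kind, "msg": m["msg"]}


def correlate(log_text, window_seconds=600):
    """Return alerts for backdoor-like activity following a USB attach on the same host,
    plus any interactive SSH login, which a charging station should not normally see."""
    last_attach = {}   # host -> time of most recent USB mass-storage attach
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["kind"] is None:
            continue
        host = ev["host"]
        if ev["kind"] == "usb_storage_attached":
            last_attach[host] = ev["ts"]
            continue
        attach = last_attach.get(host)
        if ev["kind"] in POST_ATTACH_KINDS and attach is not None:
            delta = (ev["ts"] - attach).total_seconds()
            if 0 <= delta <= window_seconds:
                alerts.append({"host": host, "severity": "high",
                               "reason": f"{ev['kind']} {int(delta)}s after USB storage attach",
                               "msg": ev["msg"]})
        elif ev["kind"] == "ssh_login":
            alerts.append({"host": host, "severity": "medium",
                           "reason": "interactive SSH login on a charging station",
                           "msg": ev["msg"]})
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(f"[{a['severity']}] {a['host']}: {a['reason']} :: {a['msg']}")
```

Run against the constructed sample, charger-07 produces three high-severity alerts (the salia.ini load, the sshd start and the configuration write, all within seconds of the USB attach) and one medium alert for the later root SSH login; charger-03, where a stick was attached and removed with nothing following, produces none. The time window is the tuning knob: too short and a slow parser is missed, too long and routine maintenance that legitimately uses USB media triggers noise, so it should be set from observed maintenance behaviour.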
Affected Countries
Germany, France, Netherlands, Norway, Sweden, United Kingdom
Technical Details
- Data Version: 5.1
- Assigner Short Name: SEC-VLab
- Date Reserved: 2025-05-20T07:34:22.865Z
- CISA Enriched: false
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682dc591c4522896dcbfc973
Added to database: 5/21/2025, 12:22:41 PM
Last enriched: 11/4/2025, 1:29:50 AM
Last updated: 11/22/2025, 4:47:38 PM