CVE-2025-48416 is a high-severity vulnerability affecting eCharge Hardy Barth cPH2 and cPP2 electric vehicle charging stations running firmware versions up to 2.2.0. The vulnerability arises from a hidden functionality issue (CWE-912) where the OpenSSH daemon listens on TCP port 22 and a hard-coded root user entry exists in the "/etc/shadow" file within the firmware image. Although the default SSH configuration disables root login via the "PermitRootLogin" setting, this restriction can be bypassed or altered by an attacker through multiple attack vectors, enabling unauthorized root access. This effectively allows an unauthenticated remote attacker to gain full control over the charging station systems. The vulnerability has a CVSS 3.1 base score of 8.1, reflecting high impact on confidentiality, integrity, and availability, with network attack vector, no privileges required, and no user interaction needed. The presence of a hard-coded root credential combined with the ability to modify SSH configuration remotely or locally creates a critical security risk. Exploitation could lead to complete system compromise, enabling attackers to manipulate charging operations, disrupt service availability, or use the compromised devices as footholds for lateral movement within critical infrastructure networks. No known exploits are reported in the wild yet, but the vulnerability is publicly disclosed and should be treated with urgency.

For European organizations, especially those operating electric vehicle charging infrastructure, this vulnerability poses significant operational and security risks. Compromise of charging stations could disrupt EV charging services, impacting transportation and mobility sectors reliant on these facilities. Confidentiality breaches could expose sensitive operational data or network credentials, while integrity violations might allow attackers to alter charging parameters, potentially causing physical damage or safety hazards. Availability impacts could lead to denial of service, affecting end-users and damaging organizational reputation. Additionally, compromised charging stations could serve as entry points for attackers targeting broader corporate or critical infrastructure networks, increasing the risk of large-scale cyber incidents. Given Europe's strong push towards EV adoption and smart grid integration, such vulnerabilities undermine trust in essential green energy infrastructure and could have cascading effects on energy management and transportation systems.

Organizations should immediately verify firmware versions on all eCharge Hardy Barth cPH2 and cPP2 charging stations and prioritize upgrading to patched versions once available. Until patches are released, network segmentation should be enforced to isolate charging stations from critical internal networks, limiting exposure to potential attackers. Implement strict firewall rules to restrict access to TCP port 22 only to trusted management hosts and consider disabling SSH access entirely if remote management is not required. Regularly audit device configurations to detect unauthorized changes to SSH settings, particularly the "PermitRootLogin" parameter. Employ network intrusion detection systems (NIDS) to monitor for anomalous SSH connection attempts or configuration modification activities. Additionally, enforce strong physical security controls to prevent local tampering with devices. Collaborate with the vendor for timely updates and guidance, and consider deploying compensating controls such as multi-factor authentication for device management interfaces if supported. Finally, integrate these devices into broader vulnerability management and incident response processes to ensure rapid detection and remediation of exploitation attempts.