CVE-2025-48416: CWE-912 Hidden Functionality in eCharge Hardy Barth cPH2 / cPP2 charging stations
An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This configuration can be bypassed/changed by an attacker through multiple paths though.
AI Analysis
Technical Summary
CVE-2025-48416 is a vulnerability identified in the firmware of eCharge Hardy Barth cPH2 and cPP2 electric vehicle charging stations, specifically versions 2.2.0 and earlier. The core issue stems from a hidden or hard-coded root user entry present in the /etc/shadow file within the device's firmware image. This entry allows for root-level authentication if accessed. The charging stations run an OpenSSH daemon on TCP port 22, which by default disables root login via the 'PermitRootLogin' setting. However, attackers can bypass or alter this configuration through multiple attack paths, potentially enabling direct root SSH access. This hidden functionality (classified under CWE-912) represents a backdoor-like condition that undermines the device’s security model. Exploiting this vulnerability does not require prior authentication or user interaction, and can be performed remotely over the network, though it requires overcoming some access control hurdles (reflected in the CVSS vector's high attack complexity). Successful exploitation grants attackers full control over the charging station, allowing them to manipulate charging operations, disrupt service availability, or use the device as a foothold for lateral movement within the network. No public exploits have been reported yet, but the vulnerability’s presence in critical infrastructure components like EV charging stations raises significant concerns. The lack of available patches at the time of publication necessitates immediate compensating controls. The vulnerability was reserved and published in May 2025 by SEC-VLab and assigned CVSS v3.1 score 8.1, indicating high severity with network attack vector, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability.
Potential Impact
For European organizations, this vulnerability poses a substantial risk to the security and reliability of EV charging infrastructure. Compromise of charging stations can lead to unauthorized control over charging sessions, potentially causing financial losses, service disruptions, or safety hazards. Attackers gaining root access could manipulate firmware or software to disable charging, cause physical damage, or use the compromised devices as pivot points to infiltrate broader enterprise or utility networks. Given the increasing reliance on EV infrastructure across Europe, such disruptions could affect critical transportation and energy sectors. Confidentiality breaches could expose sensitive operational data or user information. Integrity violations might allow attackers to falsify charging records or tamper with billing systems. Availability impacts could result in denial of service, affecting end-users and undermining trust in EV services. The threat is particularly acute for organizations managing large fleets or public charging networks, where scale amplifies potential damage. The absence of known exploits currently provides a window for proactive defense, but the high severity score underscores the urgency of mitigation.
Mitigation Recommendations
Immediate mitigation should focus on network-level protections, including strict segmentation of charging station networks from corporate and public networks to limit attacker access. Implement firewall rules to restrict SSH access to trusted management hosts only. Monitor network traffic for unusual SSH connection attempts or configuration changes. Since no patches are currently available, organizations should engage with eCharge Hardy Barth for firmware updates and security advisories. Employ intrusion detection systems tailored to detect anomalous behavior on charging stations. Regularly audit device configurations to ensure 'PermitRootLogin' remains disabled and verify no unauthorized changes have been made. Consider deploying multi-factor authentication on management interfaces if supported. Where possible, isolate charging stations in dedicated VLANs with limited inbound connectivity. Establish incident response plans specific to EV infrastructure compromise. Finally, maintain up-to-date asset inventories to quickly identify affected devices and prioritize remediation.
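The description and the mitigation advice above both come down to two checks a defender can run against a device image or a live box: does `/etc/shadow` still carry a usable root password hash, and does the effective `sshd_config` (including any `Match` block added later) permit root password login. The script below is an added example, not code from eCharge Hardy Barth or from the advisory; it parses both files from text, applies sshd's documented first-occurrence rule and defaults, and reports whether password-based root SSH login is possible. All sample inputs are constructed, the shadow hash is a placeholder, and `192.0.2.0/24` is an RFC 5737 documentation range.

```python
"""Defender-side audit for the two conditions described in this advisory:
a usable root password hash in /etc/shadow, and an sshd configuration that
would let root log in with it. Added example, not vendor or advisory code;
all sample inputs below are constructed."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Values sshd uses when the keyword is absent (documented in sshd_config(5)).
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}


def parse_sshd_config(text: str) -> Tuple[Dict[str, str], List[Tuple[str, Dict[str, str]]]]:
    """Return (global_settings, match_blocks).

    sshd honours the FIRST occurrence of a keyword in the global section, so
    a later duplicate does not override an earlier one. Settings inside a
    Match block apply only to sessions matching its criteria and are kept
    separately so the auditor can review them. Include directives are not
    followed here.
    """
    global_settings: Dict[str, str] = {}
    match_blocks: List[Tuple[str, Dict[str, str]]] = []
    current: Optional[Dict[str, str]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = {}
            match_blocks.append((value, current))
        elif current is not None:
            current.setdefault(key, value)
        else:
            global_settings.setdefault(key, value)
    return global_settings, match_blocks


def root_shadow_status(shadow_text: str) -> str:
    """Classify root's password field in /etc/shadow.

    'locked' : '!' or '*' prefix, password authentication impossible
    'empty'  : no password set (sshd's PermitEmptyPasswords defaults to no)
    'hash'   : a usable hash, i.e. the hard-coded credential the advisory describes
    'absent' : no root line at all
    """
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields[0] != "root":
            continue
        pw = fields[1] if len(fields) > 1 else ""
        if pw == "":
            return "empty"
        if pw[0] in "!*":
            return "locked"
        return "hash"
    return "absent"


@dataclass
class Finding:
    root_shadow: str
    permit_root_login: str
    password_auth: str
    match_overrides: List[str] = field(default_factory=list)
    root_password_login_possible: bool = False


def audit(sshd_config_text: str, shadow_text: str) -> Finding:
    """Combine both checks: root password login over SSH is possible only when
    a usable hash exists AND password auth is on AND root login is permitted,
    either globally or through a Match block that sets PermitRootLogin yes."""
    settings, blocks = parse_sshd_config(sshd_config_text)
    prl = settings.get("permitrootlogin", DEFAULTS["permitrootlogin"]).lower()
    pwauth = settings.get("passwordauthentication", DEFAULTS["passwordauthentication"]).lower()
    overrides = [crit for crit, s in blocks if s.get("permitrootlogin", "").lower() == "yes"]
    shadow = root_shadow_status(shadow_text)
    possible = shadow == "hash" and pwauth == "yes" and (prl == "yes" or bool(overrides))
    return Finding(shadow, prl, pwauth, overrides, possible)


# Constructed sample inputs (hypothetical; the real firmware's hash is not reproduced).
SHADOW_WITH_ROOT_HASH = (
    "root:$6$constructedsalt$PLACEHOLDER_HASH_NOT_REAL:19500:0:99999:7:::\n"
    "daemon:*:19500:0:99999:7:::\n"
)
SHADOW_ROOT_LOCKED = "root:!:19500:0:99999:7:::\ndaemon:*:19500:0:99999:7:::\n"
SSHD_SHIPPED = "Port 22\nPermitRootLogin no\nPasswordAuthentication yes\n"
# A modified config that re-enables root login only for one source network.
SSHD_MODIFIED = "Port 22\nPermitRootLogin no\nMatch Address 192.0.2.0/24\n    PermitRootLogin yes\n"

if __name__ == "__main__":
    for label, cfg, shadow in [
        ("shipped config, hard-coded hash", SSHD_SHIPPED, SHADOW_WITH_ROOT_HASH),
        ("modified config, hard-coded hash", SSHD_MODIFIED, SHADOW_WITH_ROOT_HASH),
        ("shipped config, root locked", SSHD_SHIPPED, SHADOW_ROOT_LOCKED),
    ]:
        print(f"{label}: {audit(cfg, shadow)}")
```

Two points the audit makes visible that a grep for `PermitRootLogin no` would miss: sshd keeps the first value it reads, so a line appended at the end of the file does not re-enable anything, while a `Match` block can; and `prohibit-password`, the default when the keyword is absent, still allows key-based root login, so the `/etc/shadow` check is the one that actually removes the hard-coded credential. On a real device the two texts would be read from the mounted firmware image or from `/etc/ssh/sshd_config` and `/etc/shadow` on the box.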
Affected Countries
Germany, France, Netherlands, Belgium, Sweden, Norway
Technical Details
- Data Version: 5.1
- Assigner Short Name: SEC-VLab
- Date Reserved: 2025-05-20T07:34:22.865Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682dc591c4522896dcbfc975
Added to database: 5/21/2025, 12:22:41 PM
Last enriched: 11/4/2025, 1:30:08 AM
Last updated: 11/22/2025, 6:05:59 PM