CVE-2025-5740 is a path traversal vulnerability classified under CWE-22 found in Schneider Electric's EVLink WallBox, a widely deployed electric vehicle charging station. The vulnerability arises from improper validation and limitation of file pathnames on the device's embedded web server. An authenticated user with high privileges can manipulate file path parameters to write arbitrary files outside the intended restricted directories. This flaw enables attackers to overwrite critical configuration or system files, potentially leading to device compromise, persistent backdoors, or denial of service. The vulnerability affects all versions of the EVLink WallBox, indicating a systemic issue in the product's input validation mechanisms. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) highlights that the vulnerability is remotely exploitable over the network with low attack complexity, requires high privileges but no user interaction, and impacts confidentiality, integrity, and availability severely. No patches have been released yet, and no exploits are publicly known, but the risk remains high due to the critical nature of the device in energy infrastructure. The vulnerability could be leveraged to disrupt EV charging services or pivot into broader network environments if the device is connected to enterprise networks.

For European organizations, especially those in the energy and transportation sectors, this vulnerability poses a significant risk to operational continuity and infrastructure security. EVLink WallBoxes are integral to electric vehicle charging infrastructure, which is critical for sustainable transport initiatives across Europe. Exploitation could lead to unauthorized modification or deletion of system files, causing device malfunction or denial of service, disrupting EV charging availability. This disruption could affect fleet operators, public charging stations, and private installations, impacting business operations and user trust. Furthermore, compromised devices could serve as footholds for lateral movement within enterprise networks, risking broader IT infrastructure. Given the strategic push for green energy and EV adoption in Europe, the vulnerability could have cascading effects on energy management and smart grid systems. The lack of known exploits currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits rapidly once details are public.

Immediate mitigation steps include restricting access to the EVLink WallBox web interface to trusted administrators only, ideally through network segmentation and VPNs. Organizations should enforce strong authentication mechanisms and monitor access logs for unusual activity indicative of exploitation attempts. Until Schneider Electric releases official patches, consider disabling or limiting web server functionalities if feasible. Employ network intrusion detection systems (NIDS) with signatures or anomaly detection tailored to EVLink traffic patterns. Regularly audit device configurations and firmware versions to identify affected units. Engage with Schneider Electric support channels to obtain updates on patch availability and apply them promptly once released. Additionally, implement compensating controls such as application-layer firewalls or reverse proxies to filter and sanitize web requests targeting the device. For critical infrastructure, establish incident response plans that include EVLink WallBox compromise scenarios to minimize downtime and data loss.