CVE-2025-5740 is a high-severity path traversal vulnerability (CWE-22) affecting all versions of Schneider Electric's EVLink WallBox, a product used for electric vehicle charging infrastructure. The vulnerability arises from improper limitation of pathname inputs to restricted directories on the device's web server. Specifically, an unauthenticated attacker can manipulate file path parameters to perform arbitrary file writes on the system. This means that without any authentication or user interaction, a remote attacker can potentially write malicious files to the device's filesystem, which could lead to unauthorized code execution, system compromise, or disruption of charging services. The vulnerability has a CVSS 4.0 base score of 8.6, reflecting its network attack vector (AV:N), low attack complexity (AC:L), no authentication required (AT:N), and no user interaction needed (UI:N). The impact metrics indicate high confidentiality, integrity, and availability impacts (VC:H, VI:H, VA:H), meaning that exploitation could lead to full compromise of the device, data leakage, or service outages. The vulnerability is currently published with no known exploits in the wild and no patches available at the time of reporting. Given the critical role of EVLink WallBox in EV charging infrastructure, exploitation could have significant operational and safety implications.

For European organizations, the impact of this vulnerability is substantial due to the increasing adoption of electric vehicles and the corresponding deployment of EV charging infrastructure. Schneider Electric is a major supplier of industrial and energy management solutions in Europe, and their EVLink WallBox units are widely used in public, commercial, and residential charging stations. Exploitation could allow attackers to disrupt charging services, potentially causing operational downtime and customer dissatisfaction. More critically, arbitrary file writes could enable attackers to implant persistent malware or backdoors, threatening the integrity and availability of charging infrastructure. This could have cascading effects on energy management systems and critical infrastructure relying on these devices. Confidentiality breaches could expose sensitive operational data or user information. The lack of authentication requirement and ease of exploitation increases the risk of widespread attacks, especially in densely deployed urban environments. Additionally, disruption of EV charging services could hinder the EU's green energy and transportation goals, affecting broader economic and environmental objectives.

Given the absence of an official patch, European organizations should implement immediate compensating controls. Network segmentation is critical: isolate EVLink WallBox devices on dedicated VLANs or subnets with strict firewall rules to limit access to trusted management hosts only. Employ web application firewalls (WAFs) or intrusion prevention systems (IPS) with custom rules to detect and block suspicious path traversal attempts targeting the device's web interface. Regularly monitor device logs and network traffic for anomalous file write activities or unauthorized access attempts. Disable any unnecessary web services or remote management interfaces on the devices to reduce the attack surface. Where possible, restrict physical and network access to the devices to authorized personnel only. Organizations should engage with Schneider Electric for timely patch releases and apply updates as soon as they become available. Additionally, consider deploying endpoint detection and response (EDR) solutions on connected management systems to detect lateral movement or exploitation attempts. Finally, conduct security awareness training for operational staff to recognize signs of compromise and report incidents promptly.