CVE-2025-5741 is a path traversal vulnerability (CWE-22) identified in Schneider Electric's EVLink WallBox, a product line of electric vehicle charging stations. This vulnerability allows an authenticated attacker to perform arbitrary file reads on the charging station's underlying file system by exploiting improper limitation of pathname inputs to restricted directories. Specifically, the web server component of the EVLink WallBox fails to adequately sanitize or restrict user-supplied pathnames, enabling traversal outside intended directories. The vulnerability affects all versions of the product as of the publication date. Exploitation requires an authenticated session, meaning the attacker must have valid credentials or otherwise gain access to the web server interface. The CVSS 4.0 base score is 6.9 (medium severity), reflecting network attack vector, low attack complexity, no user interaction, but requiring high privileges (authenticated user). The impact is primarily on confidentiality, as arbitrary file reads could expose sensitive configuration files, credentials, or operational data stored on the device. There is no indication of known exploits in the wild or available patches at the time of publication. The vulnerability does not affect integrity or availability directly but could facilitate further attacks if sensitive information is disclosed. Schneider Electric EVLink WallBox devices are typically deployed in commercial, residential, and public EV charging infrastructure, making this vulnerability relevant to organizations managing EV fleets or charging stations. The technical root cause is insufficient input validation on pathname parameters within the web server interface, a common security weakness that can be mitigated through proper canonicalization and restriction of file access paths.

For European organizations, the impact of CVE-2025-5741 can be significant, especially for entities operating or managing EV charging infrastructure such as utilities, commercial real estate, municipalities, and transportation companies. Unauthorized file reads could expose sensitive operational data, user credentials, or configuration files, potentially leading to privacy violations, compliance issues (e.g., GDPR concerns if personal data is exposed), and increased risk of lateral movement or further compromise within the network. Given the growing adoption of EV infrastructure across Europe, disruption or compromise of these systems could undermine trust in critical energy and transportation services. While the vulnerability does not directly allow remote code execution or denial of service, the confidentiality breach could facilitate more sophisticated attacks or espionage. Organizations relying on Schneider Electric EVLink WallBox devices should consider the risk of insider threats or credential compromise, as exploitation requires authenticated access. The medium severity rating suggests a moderate but actionable risk, particularly in environments where these devices are integrated into broader operational technology (OT) or IT networks.

1. Immediate mitigation should focus on restricting and monitoring access to the EVLink WallBox web server interface to trusted personnel only, enforcing strong authentication mechanisms and credential management to prevent unauthorized access. 2. Network segmentation should be applied to isolate EV charging infrastructure from critical IT and OT networks, limiting the potential impact of a compromised device. 3. Implement strict input validation and path normalization on the web server side to prevent path traversal attempts; if possible, apply vendor patches or firmware updates once available. 4. Conduct regular audits and file integrity monitoring on the charging station devices to detect unauthorized file access or changes. 5. Employ logging and alerting for suspicious authenticated sessions or abnormal file access patterns to enable rapid incident response. 6. Engage with Schneider Electric support channels to obtain updates on patch availability and recommended security configurations. 7. Consider deploying compensating controls such as Web Application Firewalls (WAFs) or Intrusion Detection Systems (IDS) tuned to detect path traversal attempts targeting the EVLink WallBox interface. 8. Educate and train staff managing these devices on secure operational practices and the importance of credential protection.