CVE-2025-5741: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Schneider Electric EVLink WallBox
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server.
AI Analysis
Technical Summary
CVE-2025-5741 is a path traversal vulnerability (CWE-22) identified in Schneider Electric's EVLink WallBox, a product line of electric vehicle charging stations. This vulnerability allows an authenticated attacker to perform arbitrary file reads on the charging station's underlying file system by exploiting improper limitation of pathname inputs to restricted directories. Specifically, the web server component of the EVLink WallBox fails to adequately sanitize or restrict user-supplied pathnames, enabling traversal outside intended directories. The vulnerability affects all versions of the product as of the publication date. Exploitation requires an authenticated session, meaning the attacker must have valid credentials or otherwise gain access to the web server interface. The CVSS 4.0 base score is 6.9 (medium severity), reflecting network attack vector, low attack complexity, no user interaction, but requiring high privileges (authenticated user). The impact is primarily on confidentiality, as arbitrary file reads could expose sensitive configuration files, credentials, or operational data stored on the device. There is no indication of known exploits in the wild or available patches at the time of publication. The vulnerability does not affect integrity or availability directly but could facilitate further attacks if sensitive information is disclosed. Schneider Electric EVLink WallBox devices are typically deployed in commercial, residential, and public EV charging infrastructure, making this vulnerability relevant to organizations managing EV fleets or charging stations. The technical root cause is insufficient input validation on pathname parameters within the web server interface, a common security weakness that can be mitigated through proper canonicalization and restriction of file access paths.
Potential Impact
For European organizations, the impact of CVE-2025-5741 can be significant, especially for entities operating or managing EV charging infrastructure such as utilities, commercial real estate, municipalities, and transportation companies. Unauthorized file reads could expose sensitive operational data, user credentials, or configuration files, potentially leading to privacy violations, compliance issues (e.g., GDPR concerns if personal data is exposed), and increased risk of lateral movement or further compromise within the network. Given the growing adoption of EV infrastructure across Europe, disruption or compromise of these systems could undermine trust in critical energy and transportation services. While the vulnerability does not directly allow remote code execution or denial of service, the confidentiality breach could facilitate more sophisticated attacks or espionage. Organizations relying on Schneider Electric EVLink WallBox devices should consider the risk of insider threats or credential compromise, as exploitation requires authenticated access. The medium severity rating suggests a moderate but actionable risk, particularly in environments where these devices are integrated into broader operational technology (OT) or IT networks.
Mitigation Recommendations
1. Immediate mitigation should focus on restricting and monitoring access to the EVLink WallBox web server interface to trusted personnel only, enforcing strong authentication mechanisms and credential management to prevent unauthorized access. 2. Network segmentation should be applied to isolate EV charging infrastructure from critical IT and OT networks, limiting the potential impact of a compromised device. 3. Implement strict input validation and path normalization on the web server side to prevent path traversal attempts; if possible, apply vendor patches or firmware updates once available. 4. Conduct regular audits and file integrity monitoring on the charging station devices to detect unauthorized file access or changes. 5. Employ logging and alerting for suspicious authenticated sessions or abnormal file access patterns to enable rapid incident response. 6. Engage with Schneider Electric support channels to obtain updates on patch availability and recommended security configurations. 7. Consider deploying compensating controls such as Web Application Firewalls (WAFs) or Intrusion Detection Systems (IDS) tuned to detect path traversal attempts targeting the EVLink WallBox interface. 8. Educate and train staff managing these devices on secure operational practices and the importance of credential protection.
Affected Countries
Germany, France, Netherlands, United Kingdom, Norway, Sweden, Belgium, Italy
CVE-2025-5741: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Schneider Electric EVLink WallBox
Description
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server.
AI-Powered Analysis
Technical Analysis
CVE-2025-5741 is a path traversal vulnerability (CWE-22) identified in Schneider Electric's EVLink WallBox, a product line of electric vehicle charging stations. This vulnerability allows an authenticated attacker to perform arbitrary file reads on the charging station's underlying file system by exploiting improper limitation of pathname inputs to restricted directories. Specifically, the web server component of the EVLink WallBox fails to adequately sanitize or restrict user-supplied pathnames, enabling traversal outside intended directories. The vulnerability affects all versions of the product as of the publication date. Exploitation requires an authenticated session, meaning the attacker must have valid credentials or otherwise gain access to the web server interface. The CVSS 4.0 base score is 6.9 (medium severity), reflecting network attack vector, low attack complexity, no user interaction, but requiring high privileges (authenticated user). The impact is primarily on confidentiality, as arbitrary file reads could expose sensitive configuration files, credentials, or operational data stored on the device. There is no indication of known exploits in the wild or available patches at the time of publication. The vulnerability does not affect integrity or availability directly but could facilitate further attacks if sensitive information is disclosed. Schneider Electric EVLink WallBox devices are typically deployed in commercial, residential, and public EV charging infrastructure, making this vulnerability relevant to organizations managing EV fleets or charging stations. The technical root cause is insufficient input validation on pathname parameters within the web server interface, a common security weakness that can be mitigated through proper canonicalization and restriction of file access paths.
Potential Impact
For European organizations, the impact of CVE-2025-5741 can be significant, especially for entities operating or managing EV charging infrastructure such as utilities, commercial real estate, municipalities, and transportation companies. Unauthorized file reads could expose sensitive operational data, user credentials, or configuration files, potentially leading to privacy violations, compliance issues (e.g., GDPR concerns if personal data is exposed), and increased risk of lateral movement or further compromise within the network. Given the growing adoption of EV infrastructure across Europe, disruption or compromise of these systems could undermine trust in critical energy and transportation services. While the vulnerability does not directly allow remote code execution or denial of service, the confidentiality breach could facilitate more sophisticated attacks or espionage. Organizations relying on Schneider Electric EVLink WallBox devices should consider the risk of insider threats or credential compromise, as exploitation requires authenticated access. The medium severity rating suggests a moderate but actionable risk, particularly in environments where these devices are integrated into broader operational technology (OT) or IT networks.
Mitigation Recommendations
1. Immediate mitigation should focus on restricting and monitoring access to the EVLink WallBox web server interface to trusted personnel only, enforcing strong authentication mechanisms and credential management to prevent unauthorized access. 2. Network segmentation should be applied to isolate EV charging infrastructure from critical IT and OT networks, limiting the potential impact of a compromised device. 3. Implement strict input validation and path normalization on the web server side to prevent path traversal attempts; if possible, apply vendor patches or firmware updates once available. 4. Conduct regular audits and file integrity monitoring on the charging station devices to detect unauthorized file access or changes. 5. Employ logging and alerting for suspicious authenticated sessions or abnormal file access patterns to enable rapid incident response. 6. Engage with Schneider Electric support channels to obtain updates on patch availability and recommended security configurations. 7. Consider deploying compensating controls such as Web Application Firewalls (WAFs) or Intrusion Detection Systems (IDS) tuned to detect path traversal attempts targeting the EVLink WallBox interface. 8. Educate and train staff managing these devices on secure operational practices and the importance of credential protection.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- schneider
- Date Reserved
- 2025-06-05T15:26:07.283Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 68487f591b0bd07c3938a9de
Added to database: 6/10/2025, 6:54:17 PM
Last enriched: 7/11/2025, 2:04:00 AM
Last updated: 8/15/2025, 3:24:12 AM
Views: 13
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.