CVE-2025-5742 is a medium-severity Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting all versions of the Schneider Electric EVLink WallBox product. This vulnerability arises from improper neutralization of input during web page generation on the device's embedded web server. Specifically, an authenticated user who has access to modify configuration parameters on the web interface can inject malicious scripts that are not properly sanitized before being rendered in the browser. The vulnerability is remotely exploitable over the network (AV:N) with low attack complexity (AC:L) and does not require privileges beyond authenticated user access (PR:L). User interaction is required (UI:P), and the impact is limited primarily to confidentiality (VC:L) with no direct impact on integrity or availability. The scope is limited (SI:L), meaning the vulnerability affects only the vulnerable component without impacting other components or systems. No known exploits are currently reported in the wild, and no patches have been published yet. The CVSS 4.0 vector indicates that exploitation requires authentication but no elevated privileges, and the vulnerability could allow an attacker to execute arbitrary scripts in the context of the web interface, potentially leading to session hijacking, unauthorized actions, or information disclosure within the administrative interface of the EVLink WallBox device.

For European organizations deploying Schneider Electric EVLink WallBox charging stations, this vulnerability poses a moderate risk. The EVLink WallBox is commonly used in commercial and residential electric vehicle charging infrastructure, which is increasingly critical as Europe advances its green energy and electric mobility initiatives. Exploitation could allow attackers with authenticated access to execute malicious scripts, potentially leading to theft of session tokens, unauthorized configuration changes, or lateral movement within the network. Although the vulnerability requires authentication and user interaction, it could be leveraged by insiders or attackers who have compromised credentials. This may impact operational continuity, data confidentiality, and the trustworthiness of charging infrastructure management. Given the growing reliance on EV charging stations in Europe, any compromise could disrupt services or expose sensitive operational data. However, since the vulnerability does not affect availability or integrity directly and requires authentication, the overall impact is moderate rather than critical.

To mitigate CVE-2025-5742, European organizations should implement the following specific measures: 1) Restrict and tightly control authenticated access to the EVLink WallBox web interface, enforcing strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of credential compromise. 2) Implement network segmentation and firewall rules to limit access to the device management interface only to trusted administrative networks or VPNs. 3) Monitor and audit user activity on the web interface to detect suspicious configuration changes or anomalous behavior indicative of exploitation attempts. 4) Apply strict input validation and output encoding on all user-supplied data fields in the device’s web interface, if possible through configuration or vendor updates. 5) Engage with Schneider Electric support to obtain patches or firmware updates addressing this vulnerability as soon as they become available, and plan timely deployment. 6) Educate administrators and users with access to the device about the risks of XSS and the importance of not clicking on suspicious links or executing untrusted scripts while authenticated. 7) Consider deploying web application firewalls (WAFs) or intrusion detection systems (IDS) that can detect and block XSS attack patterns targeting the device’s web interface.