CVE-2025-5743 is an OS command injection vulnerability classified under CWE-78, found in Schneider Electric's EVLink WallBox electric vehicle charging stations. The vulnerability exists because the device's web server improperly neutralizes special characters in OS commands when an authenticated user modifies configuration parameters. This improper sanitization allows an attacker with valid credentials to inject arbitrary OS commands, which the system executes with the privileges of the web server process. The vulnerability affects all versions of the product and was published on June 10, 2025. The CVSS 4.0 vector indicates the attack can be performed remotely over the network (AV:N) with low complexity (AC:L), no user interaction (UI:N), but requires high privileges (PR:H) — meaning the attacker must be authenticated. The impact is high on integrity and availability, as arbitrary command execution could disrupt charging operations or allow further compromise of the device and connected infrastructure. Although no public exploits are known yet, the potential for remote control over critical charging infrastructure makes this a significant threat. The lack of patches at publication time necessitates immediate risk mitigation. The vulnerability highlights the importance of secure input validation and access controls in embedded IoT devices managing critical infrastructure.

For European organizations, this vulnerability poses a substantial risk to the availability and integrity of EV charging infrastructure, which is increasingly critical as Europe accelerates electric vehicle adoption. Successful exploitation could allow attackers to disrupt charging services, potentially causing operational downtime and impacting end-users relying on these stations. In critical infrastructure contexts, such as public transportation hubs or commercial fleets, this could cascade into broader service disruptions. Additionally, attackers gaining control over the charging stations could use them as pivot points for lateral movement within organizational networks, risking further compromise. The requirement for authenticated access somewhat limits exposure but does not eliminate risk, especially if credential management is weak or if insider threats exist. The absence of known exploits currently provides a window for proactive mitigation, but the high CVSS score and potential impact warrant urgent attention.

1. Immediately restrict access to the EVLink WallBox management interface by implementing network segmentation and firewall rules to limit connections only to trusted administrative hosts. 2. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), for all users accessing the device's web server. 3. Monitor and audit all configuration changes and command executions on the charging stations for unusual or unauthorized activity. 4. Apply input validation and sanitization controls at the application layer to prevent injection of special characters in configuration parameters, if possible via configuration or firmware updates. 5. Coordinate with Schneider Electric for timely receipt and deployment of official patches or firmware updates addressing this vulnerability. 6. Educate administrators and users on the risks of credential compromise and enforce strict password policies. 7. Consider isolating EV charging infrastructure networks from corporate or public networks to reduce attack surface. 8. Implement intrusion detection systems (IDS) or endpoint detection and response (EDR) solutions capable of identifying anomalous command execution patterns on these devices.