CVE-2025-5743 is a high-severity OS command injection vulnerability (CWE-78) found in Schneider Electric's EVLink WallBox, a product used for electric vehicle charging. The vulnerability arises from improper neutralization of special elements in OS commands within the web server interface of the WallBox. Specifically, an authenticated user who has access to modify configuration parameters on the device's web server can exploit this flaw to inject arbitrary OS commands. This can lead to remote control over the charging station, allowing an attacker to execute commands with the privileges of the web server process. The vulnerability affects all versions of the EVLink WallBox, indicating a systemic issue in the product's input validation and command execution logic. The CVSS v4.0 base score is 7.0, reflecting a high severity due to the network attack vector, low attack complexity, no user interaction, and the requirement of high privileges (authenticated user). The impact on confidentiality is low, but integrity and availability impacts are high, as attackers can manipulate device behavior or disrupt charging services. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability was reserved and published in June 2025, indicating it is a recent discovery.

For European organizations, the impact of this vulnerability can be significant, especially for entities relying on EVLink WallBox charging stations in their infrastructure, such as corporate campuses, public charging networks, and municipal facilities. Successful exploitation could allow attackers to disrupt electric vehicle charging services, potentially causing operational downtime and impacting business continuity. Furthermore, remote control over charging stations could be leveraged to create safety hazards or be used as a foothold for lateral movement within organizational networks if the devices are connected to internal systems. Given the growing adoption of electric vehicles and associated infrastructure in Europe, this vulnerability poses a risk to critical energy and transportation sectors. The requirement for authenticated access somewhat limits the attack surface but does not eliminate risk, as credential compromise or insider threats could enable exploitation. Additionally, the lack of patches increases exposure time, emphasizing the urgency for mitigation.

1. Immediate mitigation should focus on restricting access to the EVLink WallBox web server interface to trusted personnel only, using network segmentation and firewall rules to limit exposure. 2. Enforce strong authentication mechanisms and credential management policies to reduce the risk of unauthorized access. 3. Monitor logs and network traffic for unusual activities indicative of command injection attempts or unauthorized configuration changes. 4. Until an official patch is released, consider disabling remote configuration capabilities if feasible or deploying compensating controls such as Web Application Firewalls (WAFs) with custom rules to detect and block command injection patterns. 5. Engage with Schneider Electric support channels to obtain information on forthcoming patches or firmware updates and plan timely deployment. 6. Conduct security awareness training for administrators managing these devices to recognize and prevent misuse of credentials and configuration interfaces. 7. Implement regular vulnerability scanning and penetration testing focused on EV charging infrastructure to identify and remediate similar issues proactively.