
CVE-2025-5873: Unrestricted Upload in eCharge Hardy Barth Salia PLCC

Medium
Published: Mon Jun 09 2025 (06/09/2025, 10:31:04 UTC)
Source: CVE Database V5
Vendor/Project: eCharge Hardy Barth
Product: Salia PLCC

Description

A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /firmware.php of the component Web UI. The manipulation of the argument media leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 07/09/2025, 11:39:31 UTC

Technical Analysis

CVE-2025-5873 is a medium-severity vulnerability identified in the eCharge Hardy Barth Salia PLCC product, specifically version 2.2.0. The vulnerability resides in the web user interface component, within the /firmware.php file. It involves improper handling of the 'media' argument, which allows an attacker to perform an unrestricted file upload. This means that an attacker can remotely upload arbitrary files to the system without authentication or user interaction, potentially leading to unauthorized code execution or system compromise. The vulnerability is exploitable remotely over the network, with low attack complexity and no privileges or user interaction required. Although the CVSS 4.0 base score is 5.3 (medium), the unrestricted upload nature of the flaw presents a significant risk, as it can be leveraged to deploy malicious payloads such as web shells or ransomware. The vendor has been contacted but has not responded or issued a patch, and while no exploits are currently known to be in the wild, the public disclosure of the exploit code increases the likelihood of exploitation attempts. The vulnerability affects only version 2.2.0 of the product, and no mitigations or patches have been provided to date.

Potential Impact

For European organizations using the eCharge Hardy Barth Salia PLCC 2.2.0 product, this vulnerability poses a tangible risk to confidentiality, integrity, and availability. Successful exploitation could allow attackers to upload malicious files, leading to unauthorized access, data theft, or disruption of services. Given that the product is related to charging infrastructure (implied by the vendor and product name), organizations in sectors such as electric vehicle charging networks, energy providers, or smart infrastructure could face operational disruptions or compromise of critical systems. The lack of vendor response and patch availability increases exposure time, raising the risk of targeted attacks. Additionally, the ability to exploit remotely without authentication makes it easier for attackers to target vulnerable systems across networks. This could result in reputational damage, regulatory penalties under GDPR for data breaches, and financial losses due to service downtime or remediation costs.

Mitigation Recommendations

Since no official patch or vendor guidance is available, European organizations should implement the following specific mitigations:

1) Immediately isolate or restrict network access to the affected /firmware.php endpoint using web application firewalls (WAFs) or network segmentation to prevent unauthorized uploads.
2) Employ strict input validation and filtering at the perimeter to block suspicious file upload attempts targeting the 'media' parameter.
3) Monitor logs and network traffic for unusual POST requests to /firmware.php or attempts to upload files, enabling early detection of exploitation attempts.
4) If possible, downgrade or upgrade the product to a version not affected by this vulnerability, or consider temporary removal of the vulnerable component until a patch is released.
5) Implement application-layer authentication and access controls to restrict access to the web UI, even if the product does not enforce it by default.
6) Conduct internal vulnerability scans and penetration tests focused on this endpoint to identify exposure.
7) Prepare incident response plans specific to web shell or malware deployment scenarios stemming from this vulnerability.
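The log monitoring in point 3 above can be turned into a small detection script. The following is an added example, not code from the advisory, VulDB or the vendor: it parses web-server access log lines in the common combined format (an assumption; the Salia PLCC's actual log layout is not documented on this page, so the regex would need adjusting) and flags every POST to /firmware.php, recording whether the request carried an authenticated user and whether the 'media' parameter named in the advisory appeared in the query string. The sample log lines are constructed for the example and use documentation address space.

```python
import re
from collections import defaultdict

# Combined log format (Apache/nginx style). ASSUMPTION: the appliance's
# web UI logs in this layout; adjust the regex to the real format if not.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines, not real traffic (203.0.113.0/24 and
# 198.51.100.0/24 are reserved documentation ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [09/Jun/2025:10:31:04 +0000] "GET /index.php HTTP/1.1" 200 1532
203.0.113.5 - - [09/Jun/2025:10:31:09 +0000] "POST /firmware.php HTTP/1.1" 200 211
203.0.113.77 - - [09/Jun/2025:10:32:15 +0000] "POST /firmware.php?media=x HTTP/1.1" 200 198
198.51.100.9 - admin [09/Jun/2025:10:40:00 +0000] "GET /firmware.php HTTP/1.1" 200 4201
"""

TARGET_PATH = "/firmware.php"  # endpoint named in the advisory


def parse_line(line):
    """Parse one access log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Split the request target into path and query string for matching.
    path, _, query = rec["path"].partition("?")
    rec["path"] = path
    rec["query"] = query
    return rec


def detect_firmware_uploads(log_text):
    """Return one finding per POST to /firmware.php seen in log_text.

    Each finding records the source IP, timestamp, response status, whether
    the request was made by an authenticated user (auth field not '-') and
    whether the 'media' parameter from the advisory appeared in the query.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["path"] == TARGET_PATH:
            findings.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "status": int(rec["status"]),
                "authenticated": rec["user"] != "-",
                "media_param": "media=" in rec["query"],
            })
    return findings


def count_by_source(findings):
    """Aggregate findings per source IP to spot repeated upload attempts."""
    per_ip = defaultdict(int)
    for f in findings:
        per_ip[f["ip"]] += 1
    return dict(per_ip)


if __name__ == "__main__":
    hits = detect_firmware_uploads(SAMPLE_LOG)
    for h in hits:
        flag = "UNAUTHENTICATED " if not h["authenticated"] else ""
        print(f"{h['ts']} {h['ip']} {flag}POST {TARGET_PATH} "
              f"status={h['status']} media_param={h['media_param']}")
    print("per-source counts:", count_by_source(hits))
```

In the sample, only the two POST requests are reported; the authenticated GET of the same page is not, since the advisory's concern is the upload path. Unauthenticated POSTs that return a 2xx status are the ones worth escalating first, and the per-source count helps separate a single stray request from a scripted campaign.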


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-06-08T17:49:54.645Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6846c60d7b622a9fdf1e7915

Added to database: 6/9/2025, 11:31:25 AM

Last enriched: 7/9/2025, 11:39:31 AM

Last updated: 8/4/2025, 6:14:48 PM

