Details of VAR-202506-0484

ID

VAR-202506-0484

CVE

CVE-2025-5741

TITLE

Schneider Electric EVLink WallBox Path Traversal Vulnerability (CNVD-2025-15345)

Trust: 0.6

sources: CNVD: CNVD-2025-15345

DESCRIPTION

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server. Schneider Electric EVLink WallBox is a home charging station from Schneider Electric of France. Attackers can exploit this vulnerability to cause arbitrary file reading

Trust: 1.44

sources: NVD: CVE-2025-5741 // CNVD: CNVD-2025-15345

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-15345

AFFECTED PRODUCTS

vendor:

schneider

model:

electric evlink wallbox

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-15345

CVSS

SEVERITY

CVSSV2

CVSSV3

cybersecurity@se.com:	CVE-2025-5741
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-15345
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-15345
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:N/AC:L/AU:M/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cybersecurity@se.com:	CVE-2025-5741
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-15345 // NVD: CVE-2025-5741

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.0

sources: NVD: CVE-2025-5741

PATCH

title:

Patch for Schneider Electric EVLink WallBox Path Traversal Vulnerability (CNVD-2025-15345)

url:

https://www.cnvd.org.cn/patchInfo/show/706296

Trust: 0.6

sources: CNVD: CNVD-2025-15345

EXTERNAL IDS

db:	NVD	id:	CVE-2025-5741	Trust: 1.6
db:	SCHNEIDER	id:	SEVD-2025-161-03	Trust: 1.0
db:	CNVD	id:	CNVD-2025-15345	Trust: 0.6

sources: CNVD: CNVD-2025-15345 // NVD: CVE-2025-5741

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2025-161-03&p_endoctype=security+and+safety+notice&p_file_name=sevd-2025-161-03.pdf	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-5741	Trust: 0.6

sources: CNVD: CNVD-2025-15345 // NVD: CVE-2025-5741

SOURCES

db:	CNVD	id:	CNVD-2025-15345
db:	NVD	id:	CVE-2025-5741

LAST UPDATE DATE

2025-07-10T22:55:23.894000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-15345	date:	2025-07-09T00:00:00
db:	NVD	id:	CVE-2025-5741	date:	2025-06-12T16:06:39.330

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-15345	date:	2025-07-09T00:00:00
db:	NVD	id:	CVE-2025-5741	date:	2025-06-10T09:15:25.290