PatchSiren cyber security CVE debrief
CVE-2025-5740 Schneider Electric CVE debrief
CVE-2025-5740 is a high-severity CWE-22 path traversal issue in Schneider Electric EVLink WallBox. The advisory states that an authenticated user on the web server can manipulate a file path and cause arbitrary file writes. CISA updated the advisory on 2025-07-08 to clarify that authentication is required. Schneider Electric lists EVLink WallBox as end of life and says no fix is planned, so owners should focus on containment, access restriction, and migration planning.
- Vendor
- Schneider Electric
- Product
- EVLink WallBox
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-06-10
- Original CVE updated
- 2025-07-08
- Advisory published
- 2025-06-10
- Advisory updated
- 2025-07-08
Who should care
Operators and asset owners running Schneider Electric EVLink WallBox, OT or facility security teams, administrators of shared web interfaces, and anyone responsible for network segmentation and firewall controls around EV charging equipment.
Technical summary
The source advisory identifies a CWE-22 improper limitation of a pathname to a restricted directory. Impact is arbitrary file writes when an authenticated user manipulates a file path on the web server. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, which aligns with a network-reachable issue that still requires high privileges. The advisory revision history shows the initial release on 2025-06-10 and a 2025-07-08 update clarifying the attacker must be authenticated. Affected product scope is Schneider Electric EVLink WallBox all versions.
Defensive priority
High. Prioritize any exposed or shared-admin EVLink WallBox deployment, especially where HTTP access is not tightly segmented. Because the product is end of life and no fix is planned, containment and replacement should be treated as urgent.
Recommended defensive actions
- Restrict access to the device web interface; block unauthorized HTTP access with firewalls and network segmentation.
- Review access logs periodically for suspicious or unexpected web administration activity.
- Enforce strong unique passwords and avoid shared credentials for any authenticated web access.
- Treat affected EVLink WallBox systems as end-of-life assets and plan migration to Schneider Electric EVLink Pro AC.
- Validate that compensating controls are in place wherever the product remains deployed, since no vendor fix is planned for EVLink WallBox.
Evidence notes
The CISA CSAF advisory ICSA-25-175-04 names Schneider Electric EVLink WallBox all versions as affected and describes the issue as CWE-22 path traversal causing arbitrary file writes. The revision history explicitly states that the 2025-07-08 update clarified attacker authentication is required. The advisory remediations state that EVLink WallBox has reached end of life and no fix is planned, and recommend segmentation, firewalling HTTP access, log review, and password hygiene. The source also lists EVLink Pro AC as the replacement product offering.
Official resources
-
CVE-2025-5740 CVE record
CVE.org
-
CVE-2025-5740 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA and Schneider Electric on 2025-06-10, with a 2025-07-08 advisory update clarifying that the attacker must be authenticated.