PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-5741 Schneider Electric CVE debrief

CVE-2025-5741 affects Schneider Electric EVLink WallBox all versions. It is a CWE-22 path traversal issue that could allow arbitrary file reads from the charging station, but exploitation requires an authenticated web server session. Because the product is end of life, Schneider Electric states that no fix is planned; the recommended response is to restrict access, segment the network, review logs, and migrate to the replacement EVLink Pro AC.

Vendor: Schneider Electric
Product: EVLink WallBox
CVSS: MEDIUM 4.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-10
Original CVE updated: 2025-07-08
Advisory published: 2025-06-10
Advisory updated: 2025-07-08

Who should care

Operators of Schneider Electric EVLink WallBox charging stations, OT/ICS security teams, facility managers, and anyone responsible for networks that expose the device’s web interface.

Technical summary

The advisory describes a path traversal weakness in the EVLink WallBox web server that can be used to read arbitrary files from the charging station. The published CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, which reflects network reachability, high privileges required, and a confidentiality-only impact profile. CISA’s CSAF record and Schneider Electric’s notice both state that exploitation requires an authenticated web server session.

Defensive priority

Medium. Prioritize this more urgently if the charging station’s web interface is reachable outside a tightly controlled management network or if credential hygiene is weak.

Recommended defensive actions

  • Block unauthorized access to the device’s HTTP interface with firewall rules and network segmentation.
  • Limit management access to trusted administrative networks only.
  • Review device access logs periodically for suspicious requests or file-access attempts.
  • Use strong, unique passwords and do not share credentials; change them periodically.
  • Plan migration to Schneider Electric EVLink Pro AC, since EVLink WallBox is end of life and no fix is planned for affected versions.
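The log review in the list above can be scripted. The following is an added example, not code from the advisory or from Schneider Electric: it scans constructed access-log lines in a generic combined-log layout (the EVLink WallBox’s real log format is not documented on this page, so the format is an assumption) for percent-decoded `..` path segments in the request path or query values, and ranks authenticated, successful requests highest because the advisory says exploitation needs an authenticated session.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in a generic combined-log layout. They are NOT real
# EVLink WallBox logs; that device's log format is an assumption here.
SAMPLE_LOG = """\
10.0.5.20 - admin [12/Jun/2025:09:14:02 +0000] "GET /status.html HTTP/1.1" 200 1843
10.0.5.20 - admin [12/Jun/2025:09:14:09 +0000] "GET /config/../../../etc/passwd HTTP/1.1" 200 1120
203.0.113.7 - - [12/Jun/2025:09:15:31 +0000] "GET /files?name=%2e%2e%2F%2e%2e%2Fetc%2Fshadow HTTP/1.1" 401 0
10.0.5.21 - tech [12/Jun/2025:09:16:00 +0000] "GET /logs/today.txt HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def decode_fully(s: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded '..' sequences are also caught."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def is_traversal(target: str) -> bool:
    """True if the path or any query value contains a '..' segment after decoding."""
    parts = urlsplit(target)
    candidates = [parts.path] + [kv.partition("=")[2] for kv in parts.query.split("&") if kv]
    return any(".." in decode_fully(c).replace("\\", "/").split("/") for c in candidates)

def find_traversal_attempts(log_text: str) -> list:
    """One finding per suspicious request. Authenticated requests that returned 200
    are ranked 'high' because the advisory says exploitation needs an authenticated session."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_traversal(m["target"]):
            continue
        authenticated = m["user"] != "-"
        succeeded = m["status"] == "200"
        findings.append({
            "ip": m["ip"], "user": m["user"], "target": m["target"], "status": m["status"],
            "priority": "high" if authenticated and succeeded else "review",
        })
    return findings

if __name__ == "__main__":
    for finding in find_traversal_attempts(SAMPLE_LOG):
        print(finding)
```

Run it against the device’s exported access log after adapting LOG_RE to the real line layout; unauthenticated attempts still deserve review, since they show the interface is reachable from where it should not be.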

Evidence notes

CISA’s CSAF advisory ICSA-25-175-04 (published 2025-06-10, modified 2025-07-08) lists CVE-2025-5741 for Schneider Electric EVLink WallBox all versions and describes a CWE-22 path traversal that can cause arbitrary file reads, requiring an authenticated web server session. The Schneider Electric security notice SEVD-2025-161-03 contains the same vulnerability description and mitigation guidance. The supplied source corpus also marks the product as end of life and indicates no fix is planned.

Official resources

Publicly disclosed on 2025-06-10 in CISA CSAF advisory ICSA-25-175-04 and Schneider Electric notice SEVD-2025-161-03; the advisory was modified on 2025-07-08. The supplied corpus does not indicate CISA KEV listing.