PatchSiren cyber security CVE debrief
CVE-2025-5743 Schneider Electric CVE debrief
CVE-2025-5743 is a medium-severity OS command injection issue in Schneider Electric EVLink WallBox. According to the vendor and CISA advisory, an authenticated user who changes web-server configuration parameters may gain remote control of the charging station. The product is end-of-life, so Schneider Electric does not list a traditional fix for the affected line and instead recommends mitigation plus migration to EVLink Pro AC.
- Vendor
- Schneider Electric
- Product
- EVLink WallBox
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-06-10
- Original CVE updated
- 2025-07-08
- Advisory published
- 2025-06-10
- Advisory updated
- 2025-07-08
Who should care
Organizations that operate Schneider Electric EVLink WallBox chargers, especially OT/ICS security teams, facility operators, and network administrators responsible for the device’s web management access.
Technical summary
The advisory identifies CWE-78, improper neutralization of special elements used in an OS command. The affected product is Schneider Electric EVLink WallBox, all versions. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N, which scores 5.5 (Medium). The key security condition is that the attacker must be authenticated before modifying configuration parameters on the web server. Because the device is end-of-life, remediation is centered on reducing exposure of the HTTP interface, tightening credentials, reviewing logs, and replacing the product with the supported EVLink Pro AC where feasible.
Defensive priority
Medium; raise priority if the web management interface is reachable from untrusted or broadly shared networks.
Recommended defensive actions
- Restrict access to the EVLink WallBox web interface to a trusted management network only.
- Implement network segmentation and firewall rules to block unauthorized HTTP access.
- Review access logs periodically for suspicious configuration changes or login activity.
- Use strong, unique passwords and change them on a regular schedule.
- Treat the product as end-of-life and plan migration to Schneider Electric EVLink Pro AC.
- Validate that only authorized personnel can administer the device and remove stale accounts where possible.
Evidence notes
CISA CSAF advisory ICSA-25-175-04 and Schneider Electric’s security notice describe a CWE-78 OS command injection affecting EVLink WallBox all versions. The advisory states that an authenticated user modifying web-server configuration parameters could cause remote control of the charging station. The supplied CVSS vector is AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N (5.5, Medium). The product is listed as end-of-life, with mitigation guidance focused on segmentation, blocking HTTP access, log review, and password hygiene.
Official resources
-
CVE-2025-5743 CVE record
CVE.org
-
CVE-2025-5743 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA and Schneider Electric published the advisory on 2025-06-10 and revised it on 2025-07-08. The affected EVLink WallBox line is end-of-life, and Schneider Electric directs customers toward EVLink Pro AC as the replacement offering.