CVE-2025-48415

MEDIUM

USB Device - RCE

Title source: llm

Description

A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands.

References (2)

[Various Sources] https://r.sec-consult.com/echarge

[Mailing List] http://seclists.org/fulldisclosure/2025/May/23

Scores

CVSS v3 6.2

EPSS 0.0010

EPSS Percentile 26.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-749

Status published

Products (1)

eCharge Hardy Barth/cPH2 / cPP2 charging stations <=2.2.0

Published May 21, 2025

Tracked Since Feb 18, 2026