CVE-2025-48415

Summary

A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor  or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands.

Affected Software

VendorProductVersion RangeStatus
eCharge Hardy BarthcPH2 / cPP2 charging stations<=2.2.0affected

Weaknesses

  • CWE-749: CWE-749 Exposed Dangerous Method or Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References