CVE-2025-22367 HIGH

CVE-2025-22367: Mennekes smart/premium charges systems, Command injection in time setting

Vendor Mennekes

Product Smart / Premium charging stations

Weakness CWE-78

Published March 11, 2025

Last update April 1, 2025

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/S:N/AU:Y

What the vulnerability does

01Description

The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.

Key dates

02Disclosure timeline

March 11, 2025 CVE published

April 1, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-22367

Related vulnerabilities

04Related CVE

CVE-2025-64755 @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes CVE-2023-3570 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels CVE-2024-28254 SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata CVE-2025-15519 Command Injection in Modem Management CLI on TP-Link Archer NX200, NX210, NX500 and NX600 CVE-2019-1699 Cisco Firepower Threat Defense Software Command Injection Vulnerability