CVE-2025-27804

CVE-2025-27804: OS Command Injection Vulnerability in eCharge Hardy Barth cPH2 / cPP2 charging stations

Vendor Echarge Hardy Barth
Product cPH2 / cPP2 charging stations
Weakness CWE-78
Published May 21, 2025
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can be executed with root permissions.

Key dates

02Disclosure timeline

May 21, 2025 CVE published
November 3, 2025 Record updated