CVE-2025-48415

CVE-2025-48415: Backdoor Functionality via USB Drive in eCharge Hardy Barth cPH2 / cPP2 charging stations

Vendor Echarge Hardy Barth
Product cPH2 / cPP2 charging stations
Weakness CWE-749
Published May 21, 2025
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor  or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands.

Key dates

02Disclosure timeline

May 21, 2025 CVE published
November 3, 2025 Record updated