Authentication Bypass Vulnerability in Operating System Root User Credentials by Vendor
CVE-2025-48413

7.7HIGH

Key Information:

Vendor: Echarge Hardy Barth
Status: Cph2 / Cpp2 Charging Stations
Vendor: CVE Published:; 21 May 2025

🔔 Create Echarge Hardy Barth Vulnerability Alert

What is CVE-2025-48413?

The vulnerability exposes hard-coded password hashes for the root user within the /etc/passwd and /etc/shadow files, due to an oversight in the update files. These credentials are included by default, presenting significant security risks as users cannot alter or delete the hard-coded passwords. This flaw allows an attacker to leverage these credentials to gain unauthorized access via SSH or potentially through direct physical access methods such as UART shell, making it imperative for affected users to assess their systems for any potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

cPH2 / cPP2 charging stations <=2.2.0

References

https://r.sec-consult.com/echarge

third-party-advisory

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 21, 2025
Vulnerability Reserved
May 20, 2025

Credit

Stefan Viehböck | SEC Consult Vulnerability Lab

JSON

Echarge Hardy Barth

What is CVE-2025-48413?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.