CVE Details
Basic Information
| Title | CVE-2025-54564 |
|---|---|
| Type | cve |
| Published | 2025-08-01T18:15:55 |
| Last Seen | 2025-08-01T20:39:18 |
| Modified | 2025-08-01T20:15:29 |
CVSS Information
| Base Score | 7.8 (HIGH) |
|---|---|
| CVSS Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
AI Analysis
| AI Description | A vulnerability in ChargePoint Home Flex allows command execution via unvalidated bz2 decompression, potentially leading to system compromise. |
|---|---|
| AI Severity | High |
| AI Vendor | ChargePoint, Inc. |
| AI Product | ChargePoint Home Flex |
| AI Version | 5.5.4.13 |
Additional Information
| CVE List | CVE-2025-54564 |
|---|---|
| CWE List | CWE-20, CWE-77 |
| Bulletin Family | cve |
Description
uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user.