CVE-2025-54564 | THREATINT

Description

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user.

PUBLISHED Reserved 2025-07-25 | Published 2025-08-01 | Updated 2025-08-01 | Assigner mitre

References

github.com/koharin/CVE/blob/main/CVE-2025-54564

cve.org (CVE-2025-54564)

nvd.nist.gov (CVE-2025-54564)

Download JSON