SQL Injection in Mennekes Smart / Premium Charging Stations
CVE-2025-22370
Many fields for the web configuration interface of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to execute arbitrary SQL commands because the values are insufficiently neutralized.
Vulnerability class: SQL Injection
EPSS: 0.004 (31.0th percentile) — read the EPSS interpretation.
Affected products
Weakness classification (CWE)
References
- csirt@divd.nl (third-party-advisory)
- csirt@divd.nl (vendor-advisory)
- csirt@divd.nl (release-notes)