CVE-2025-54564
uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user.
More information : https://github.com/koharin/CVE/blob/main/CVE-2025-54564
uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user.
More information : https://github.com/koharin/CVE/blob/main/CVE-2025-54564