CVE-2025-54564

Published
View on NVD ↗
CVSS v3
7.8
HIGH
CVSS v2
N/A
Affected
1
PROJECT

Description

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user.

koharin/CVE
koharin/CVE
GitHubGitHub