OpenSSH Hard-Coded Root /etc/shadow Entry (CVE-2025-48416)
CVE-2025-48416 Published on May 21, 2025

Backdoor Functionality via SSH in eCharge Hardy Barth cPH2 / cPP2 charging stations
An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This configuration can be bypassed/changed by an attacker through multiple paths though.

NVD

Vulnerability Analysis

CVE-2025-48416 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Hidden Functionality

The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software's users or administrators. Hidden functionality can take many forms, such as intentionally malicious code, "Easter Eggs" that contain extraneous functionality such as games, developer-friendly shortcuts that reduce maintenance or support costs such as hard-coded accounts, etc. From a security perspective, even when the functionality is not intentionally malicious or damaging, it can increase the software's attack surface and expose additional weaknesses beyond what is already exposed by the intended functionality. Even if it is not easily accessible, the hidden functionality could be useful for attacks that modify the control flow of the application.


Products Associated with CVE-2025-48416

Want to know whenever a new CVE is published for OpenBSD OpenSSH? stack.watch will email you.

OpenBSD OpenSSH
 

Affected Versions

eCharge Hardy Barth cPH2 / cPP2 charging stations Version <=2.2.0 is affected by CVE-2025-48416

Exploit Probability

EPSS
0.09%
Percentile
26.29%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.