Security Advisory

CVE-2025-54564

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-01 00:00:00

Last updated 2025-08-01 19:29:50

Assigner mitre

State PUBLISHED

Description

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user.

← Browse all CVEs View on cve.org ↗