CVE-2025-54564

Publication date

2025-08-01 00:00:00

Family

mitre

State

PUBLISHED

Description

uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user.