CVE-2025-25270

Summary

An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactCHARX SEC-31500.0.0 < 1.7.3affected
Phoenix ContactCHARX SEC-31000.0.0 < 1.7.3affected
Phoenix ContactCHARX SEC-30500.0.0 < 1.7.3affected
Phoenix ContactCHARX SEC-30000.0.0 < 1.7.3affected

Weaknesses

  • CWE-913: CWE-913 Improper Control of Dynamically-Managed Code Resources

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References