CVE-2025-41666

Summary

A low privileged remote attacker with file access can replace a critical file used by the watchdog to get read, write and execute access to any file on the device after the watchdog has been initialized.

Affected Software

VendorProductVersion RangeStatus
PHOENIX CONTACTAXC F 11520 < 2025.0.2affected
PHOENIX CONTACTAXC F 21520 < 2025.0.2affected
PHOENIX CONTACTAXC F 31520 < 2025.0.2affected
PHOENIX CONTACTBPC 9102S0 < 2025.0.2affected
PHOENIX CONTACTRFC 4072S0 < 2025.0.2affected

Weaknesses

  • CWE-59: CWE-59 Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References