CVE-2025-41668

Summary

A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.

Affected Software

VendorProductVersion RangeStatus
PHOENIX CONTACTAXC F 11520 < 2025.0.2affected
PHOENIX CONTACTAXC F 21520 < 2025.0.2affected
PHOENIX CONTACTAXC F 31520 < 2025.0.2affected
PHOENIX CONTACTBPC 9102S0 < 2025.0.2affected
PHOENIX CONTACTRFC 4072S0 < 2025.0.2affected

Weaknesses

  • CWE-59: CWE-59 Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References