CVE-2025-41670

Summary

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected against modification by low-privileged users. As the service runs with elevated privileges, successful exploitation may result in a local privilege escalation.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactAXC F 11520.0.0 < 2026.0.3affected
Phoenix ContactAXC F 12520.0.0 < 2026.0.3affected
Phoenix ContactAXC F 2000 EA0.0.0 < 2026.0.3affected
Phoenix ContactAXC F 21520.0.0 < 2026.0.3affected
Phoenix ContactAXC F 31520.0.0 < 2026.0.3affected
Phoenix ContactBPC 9102S0.0.0 < 2026.0.3affected
Phoenix ContactEPC 15220.0.0 < 2026.0.3affected
Phoenix ContactRFC 4072R0.0.0 < 2026.0.3affected
Phoenix ContactRFC 4072S0.0.0 < 2026.0.3affected
Phoenix ContactVL3 UPC 2440 EDGE0.0.0 < 2026.0.3affected
Phoenix ContactVPLCNEXT CONTROL 10000.0.0 < 2026.0.3affected
Phoenix ContactVPLCNEXT CONTROL 20000.0.0 < 2026.0.3affected
Phoenix ContactVPLCNEXT CONTROL 30000.0.0 < 2026.0.3affected
Phoenix ContactVPLCNEXT CONTROL 5000.0.0 < 2026.0.3affected

Weaknesses

  • CWE-427: CWE-427 Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References