CVE-2025-41699

Summary

An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection').

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactCHARX SEC-31500.0.0 < 1.7.4affected
Phoenix ContactCHARX SEC-31000.0.0 < 1.7.4affected
Phoenix ContactCHARX SEC-30500.0.0 < 1.7.4affected
Phoenix ContactCHARX SEC-30000.0.0 < 1.7.4affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References