Buffer Copy Vulnerability in USB-C Devices by Vendor A
CVE-2025-24004

5.2 MEDIUM

Key Information:

Vendor
CVE Published: 8 July 2025

What is CVE-2025-24004?

A vulnerability exists in USB-C devices that allows an attacker with physical access to exploit the device through a malicious message sent over USB-C. The message can trigger an insecure copy to a buffer, jeopardizing the integrity of the device's data and leading to a temporary denial of service until the device restarts via the watchdog mechanism. It highlights the importance of physical security measures to mitigate risks associated with unauthorized device access.

Affected Version(s)

CHARX SEC-3000 0.0.0 <= 1.6.5

CHARX SEC-3050 0.0.0 <= 1.6.5

CHARX SEC-3100 0.0.0 <= 1.6.5

CVSS V3.1

Score: 5.2
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jesson Soto Ventura
Matthew Waddell