Local Privilege Escalation Vulnerability in Affected Devices by CERT-VDE
CVE-2025-24006

7.8HIGH

Key Information:

Vendor: Phoenix Contact
Status: Charx Sec-3150; Charx Sec-3100; Charx Sec-3050; Charx Sec-3000
Vendor: CVE Published:; 8 July 2025

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2025-24006?

A local privilege escalation vulnerability exists in certain devices due to insecure permissions configured on SSH. An attacker with low privileges could exploit this weakness to gain elevated privileges, potentially allowing unauthorized access to sensitive system functions. This highlights the importance of securing SSH configurations and ensuring proper permission settings to mitigate such risks.

Affected Version(s)

CHARX SEC-3000 0.0.0 < 1.7.3

CHARX SEC-3050 0.0.0 < 1.7.3

CHARX SEC-3100 0.0.0 < 1.7.3

References

https://certvde.com/de/advisories/VDE-2025-014

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

Jesson Soto Ventura

Matthew Waddell