API Configuration Vulnerability in CHARX SEC-3000/3050/3100 by Phoenix Contact
CVE-2025-25268

8.8 HIGH

Key Information:

Vendor: Phoenix Contact
CVE Published: 8 July 2025

What is CVE-2025-25268?

CVE-2025-25268 is a high-severity vulnerability in a software product developed by Phoenix Contact. It stems from an API configuration issue: a specific API endpoint does not enforce adequate authentication, so an unauthenticated attacker on an adjacent network can send specially crafted requests to it and obtain read and write access to the product's configuration settings. Altering critical system configuration in this way can lead to unauthorized operations or data exposure, compromising the integrity and confidentiality of sensitive information within an organization.

Potential impact of CVE-2025-25268

  1. Unauthorized Configuration Changes: Attackers exploiting this vulnerability can modify system configurations, leading to altered behaviors of the affected software or device, which may disrupt normal operations and services.

  2. Data Exposure and Integrity Risks: With read access to sensitive configuration settings, attackers can glean critical information, potentially leading to data breaches, manipulation, or exploitation of additional vulnerabilities.

  3. Increased Attack Surface: The ability to write to configurations could allow attackers to set up backdoors, conduct further attacks, or compromise additional connected systems, thereby widening the threat landscape for the organization.

Affected Version(s)

CHARX SEC-3000: 0.0.0 up to, but not including, 1.7.3
CHARX SEC-3050: 0.0.0 up to, but not including, 1.7.3
CHARX SEC-3100: 0.0.0 up to, but not including, 1.7.3

CVSS v3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

HT3 Labs