API Configuration Vulnerability in Affected Product by Vendor
CVE-2025-25268

8.8 HIGH

Key Information:

Vendor
CVE Published: 8 July 2025

What is CVE-2025-25268?

An unauthenticated adjacent attacker can exploit this vulnerability by sending crafted requests to a specific API endpoint. Because proper authentication measures are absent, exploitation gives the attacker unauthorized read and write access, allowing them to modify critical configuration settings within the affected product.

Affected Version(s)

CHARX SEC-3000 0.0.0 < 1.7.3

CHARX SEC-3050 0.0.0 < 1.7.3

CHARX SEC-3100 0.0.0 < 1.7.3

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

HT3 Labs