Remote Code Execution Vulnerability in Affected Device Configuration by Vendor
CVE-2025-25270

9.8CRITICAL

Key Information:

Vendor: Phoenix Contact
Status: Charx Sec-3150; Charx Sec-3100; Charx Sec-3050; Charx Sec-3000
Vendor: CVE Published:; 8 July 2025

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2025-25270?

This vulnerability allows an unauthenticated remote attacker to exploit specific configurations in the affected device, potentially enabling unauthorized modifications to its settings. Such misconfigurations could lead to remote code execution as root, providing the attacker with elevated privileges and control over the device. Organizations using the affected product should prioritize patching and implementing security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

CHARX SEC-3000 0.0.0 < 1.7.3

CHARX SEC-3050 0.0.0 < 1.7.3

CHARX SEC-3100 0.0.0 < 1.7.3

References

https://certvde.com/de/advisories/VDE-2025-019

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Feb 6, 2025

Credit

Tobias Scharnowski

Felix Buchmann

Kristian Covic