Insecure Configuration Interface in OCPP Backend by a Leading Vendor
CVE-2025-25271

8.8HIGH

Key Information:

Vendor: Phoenix Contact
Status: Charx Sec-3150; Charx Sec-3100; Charx Sec-3050; Charx Sec-3000
Vendor: CVE Published:; 8 July 2025

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2025-25271?

An adjacent attacker can exploit insecure default settings in the OCPP backend's configuration interface, allowing unauthorized configuration changes. This vulnerability presents a critical risk as it enables potential manipulation of the backend system, eroding the integrity and security of connected devices. Proper security measures and configurations are essential to mitigate this risk and protect against unauthorized access.

Affected Version(s)

CHARX SEC-3000 0.0.0 < 1.7.3

CHARX SEC-3050 0.0.0 < 1.7.3

CHARX SEC-3100 0.0.0 < 1.7.3

References

https://certvde.com/de/advisories/VDE-2025-019

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Feb 6, 2025

Credit

The Synacktiv team