Remote Code Execution Vulnerability in Network Configuration Tool by Vendor
CVE-2025-41667

8.8HIGH

Key Information:

Vendor: Phoenix Contact
Status: Axc F 1152; Axc F 2152; Axc F 3152; Bpc 9102s
Vendor: CVE Published:; 8 July 2025

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2025-41667?

A vulnerability exists in the network configuration tool that allows a remote attacker with limited privileges to manipulate a critical file utilized by the arp-preinit script. This exploitation can grant unauthorized read, write, and execute permissions to any file on the device, potentially compromising the system's integrity and security.

Affected Version(s)

AXC F 1152 0 < 2025.0.2

AXC F 2152 0 < 2025.0.2

AXC F 3152 0 < 2025.0.2

References

https://certvde.com/en/advisories/VDE-2025-054

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Nozomi