Unauthorized File Access Vulnerability in Service Security Profile by Vendor
CVE-2025-41668

8.8HIGH

Key Information:

Vendor: Phoenix Contact
Status: Axc F 1152; Axc F 2152; Axc F 3152; Bpc 9102s
Vendor: CVE Published:; 8 July 2025

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2025-41668?

A vulnerability exists in the service security profile that allows low privileged remote attackers to exploit file access permissions. By replacing critical service files or folders, these attackers can potentially gain read, write, and execute access to any file on the affected device. This weakness raises serious security concerns, as it could lead to unauthorized information disclosure, data manipulation, or system compromise.

Affected Version(s)

AXC F 1152 0 < 2025.0.2

AXC F 2152 0 < 2025.0.2

AXC F 3152 0 < 2025.0.2

References

https://certvde.com/en/advisories/VDE-2025-054

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Nozomi