Web-based Management Vulnerability in PLCnext Control by Phoenix Contact
CVE-2025-41669

8.7 HIGH

Key Information:

Vendor:
Phoenix Contact
CVE Published:
27 May 2026

What is CVE-2025-41669?

The web-based management interface of the Phoenix Contact PLCnext Control contains a vulnerability that allows a low-privileged Engineer user to install unverified applications downloaded from the PLCnext Store. Because the system does not thoroughly verify the app package data, an attacker with Engineer access could tamper with an app package and achieve arbitrary code execution with root privileges on the PLC. Unauthorized manipulation of app packages therefore compromises both the integrity and availability of the PLCnext Control.

Affected Version(s)

AXC F 1152 0.0.0 < 2026.0.3

AXC F 1252 0.0.0 < 2026.0.3

AXC F 2000 EA 0.0.0 < 2026.0.3

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

Diego Giubertoni from Nozomi.