Unauthorized Access Vulnerability in PCB Devices by Certain Vendors
CVE-2025-41696

4.6MEDIUM

Key Information:

Vendor: Phoenix Contact
Status: Fl Switch 2005; Fl Switch 2008; Fl Switch 2016; Fl Switch 2105
Vendor: CVE Published:; 9 December 2025

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2025-41696?

An undocumented UART port present on certain PCB devices can be exploited by an attacker to access user hardcoded credentials. By leveraging these credentials, an attacker can read sensitive parts of the device's filesystem, potentially exposing confidential information and compromising the device's integrity. This highlights the importance of securing hardware interfaces and implementing proper credential management.

Affected Version(s)

FL NAT 2008 0.0.0 < 3.50

FL NAT 2208 0.0.0 < 3.50

FL NAT 2304-2GC-2SFP 0.0.0 < 3.50

References

https://certvde.com/de/advisories/VDE-2025-071

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube

JSON