Code Injection Vulnerability in Phoenix Contact Web-Based Management System
CVE-2025-41699

8.8HIGH

Key Information:

Vendor: Phoenix Contact
Status: Charx Sec-3150; Charx Sec-3100; Charx Sec-3050; Charx Sec-3000
Vendor: CVE Published:; 14 October 2025

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2025-41699?

A low privileged remote attacker with access to the Web-based management interface can manipulate the system configuration to execute arbitrary commands with root privileges. This vulnerability can lead to severe consequences, including the potential loss of confidentiality, integrity, and availability of the affected systems due to insufficient validation of input that generates executable code.

Affected Version(s)

CHARX SEC-3000 0.0.0 < 1.7.4

CHARX SEC-3050 0.0.0 < 1.7.4

CHARX SEC-3100 0.0.0 < 1.7.4

References

https://phoenixcontact.csaf-tp.certvde.com/.well-known/cs...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

X from JPCERT

JSON