CVE-2025-25270
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-07-11
Assigner: CERT VDE
Description
Description
An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoenixcontact | charx_sec-3000_firmware | to 1.7.3 (exc) |
| phoenixcontact | charx_sec-3000 | * |
| phoenixcontact | charx_sec-3050_firmware | to 1.7.3 (exc) |
| phoenixcontact | charx_sec-3050 | * |
| phoenixcontact | charx_sec-3100_firmware | to 1.7.3 (exc) |
| phoenixcontact | charx_sec-3100 | * |
| phoenixcontact | charx_sec-3150_firmware | to 1.7.3 (exc) |
| phoenixcontact | charx_sec-3150 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-913 | The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated remote attacker to change the device configuration in such a way that they can execute code remotely with root privileges, but this requires specific configurations to be present.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to complete compromise of the affected device, allowing an attacker to execute arbitrary code as root, potentially leading to loss of control, data theft, or disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70