CVE-2025-41686
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-12
Assigner: CERT VDE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoenix_contact | device_and_update_management | 2025.3.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-41686 is a privilege escalation vulnerability in Phoenix Contact's Device and Update Management (DaUM) software prior to version 2025.3.1. It occurs because of improper permissions set on the nssm.exe executable, which is used to manage Windows services. A low-privileged local attacker can exploit this misconfiguration to execute arbitrary code with administrative privileges, thereby escalating their rights to administrator level. [1]
How can this vulnerability impact me?
This vulnerability allows a low-privileged local attacker to gain administrative access on the affected system. This can lead to full control over the system, including the ability to compromise confidentiality, integrity, and availability of data and services. Such an escalation can result in unauthorized changes, data theft, or disruption of services. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the permissions on the nssm.exe executable used by Phoenix Contact's Device and Update Management (DaUM) software. Specifically, verify if nssm.exe has improper permissions that allow low-privileged users to execute it with administrative privileges. On a Windows system, you can use commands like 'icacls' to inspect the permissions of nssm.exe, for example: icacls "C:\Path\To\nssm.exe". Look for overly permissive access rights that could allow non-administrative users to modify or execute the file with elevated privileges. [1]
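The following PowerShell audit script is an added example, not code from BaseFortify or Phoenix Contact: it reads the ACL of nssm.exe and reports any write-type rights granted to principals that every low-privileged local user belongs to. The install path is a placeholder and must be adjusted to the actual DaUM installation.

```powershell
# Added example (not from the BaseFortify page or Phoenix Contact): audit the ACL of
# nssm.exe for write-type rights granted to low-privileged principals.
param(
    [string]$Path = 'C:\Path\To\nssm.exe'   # placeholder, not the real install path
)

# Principals that any local, low-privileged user is a member of.
$broadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that let a non-admin replace or alter the binary, or change its ACL.
$writeRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
               [System.Security.AccessControl.FileSystemRights]::Modify -bor
               [System.Security.AccessControl.FileSystemRights]::FullControl -bor
               [System.Security.AccessControl.FileSystemRights]::Delete -bor
               [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
               [System.Security.AccessControl.FileSystemRights]::TakeOwnership

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Warning "nssm.exe not found at $Path"
    return
}

$acl = Get-Acl -LiteralPath $Path
$findings = foreach ($ace in $acl.Access) {
    # Only Allow ACEs for broad principals matter here.
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if ($broadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
    if (($ace.FileSystemRights -band $writeRights) -ne 0) {
        [pscustomobject]@{
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

"Owner: $($acl.Owner)"
if ($findings) {
    Write-Warning "Weak ACL: low-privileged principals can modify $Path"
    $findings | Format-Table -AutoSize
} else {
    "No write-type rights for broad principals on $Path"
}
```

A clean result shows only Read/Execute for the broad principals; any Modify, Write or FullControl entry for them is the misconfiguration the answer above describes and should be remediated by applying the vendor update.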
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation steps are to update Phoenix Contact's Device and Update Management (DaUM) software to version 2025.3.1 or later, which contains the fix for this vulnerability. Additionally, it is recommended to operate network-capable devices within closed networks or behind suitable firewalls to reduce exposure to potential attacks exploiting this issue. [1]