CVE-2025-41692
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-09

Assigner: CERT VDE

Description
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-09
Generated
2026-06-16
AI Q&A
2025-12-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-41692
EUVD
EUVD-2025-201892
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
phoenix_contact fl_switch 3.50
phoenix_contact fl_switch 2xxx
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-916 The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability impacts the confidentiality of the device by allowing a high privileged remote attacker to brute-force OS passwords due to weak password hashing. Such unauthorized access to sensitive data could lead to non-compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive information. Therefore, the vulnerability poses a risk to compliance by potentially exposing confidential data. [1]

Executive Summary

This vulnerability allows a high privileged remote attacker who already has admin privileges for the web user interface (webUI) to brute-force the 'root' and 'user' passwords of the underlying operating system. This is possible because the system uses a weak password generation algorithm, making it easier to guess or crack these passwords.

Impact Analysis

The vulnerability can lead to unauthorized access to the underlying operating system by allowing an attacker to brute-force critical user passwords. This can compromise system security, potentially allowing the attacker to gain control over the system at the OS level, which can lead to data breaches or further exploitation.

Detection Guidance

Detection can involve checking if devices in your network are running Phoenix Contact FL SWITCH 2xxx series firmware versions prior to 3.50, as these are vulnerable. Since the vulnerability involves weak password hashing allowing brute-force attacks on 'root' and 'user' OS passwords via the webUI, monitoring for repeated failed login attempts or unusual authentication patterns on the webUI could indicate exploitation attempts. Specific commands are not provided in the resources. [1]

Mitigation Strategies

The immediate mitigation step is to update the firmware of affected Phoenix Contact FL SWITCH 2xxx devices to version 3.50 or later, where this vulnerability has been resolved. Additionally, monitoring and restricting access to the webUI and enforcing strong password policies can help reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-41692. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart