CVE-2025-41697
Unknown
Unknown - Not Provided
BaseFortify
Vulnerability report for CVE-2025-41697, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: CERT VDE
Description
Description
An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoenix_contact | fl_switch | 3.50 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1299 | The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path. |