CVE-2025-41717
Unknown Unknown - Not Provided

Code Injection via Config-Upload Endpoint Enables Root Access

Vulnerability report for CVE-2025-41717, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-13

Last updated on: 2026-02-05

Assigner: CERT VDE

Description

An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation ('Code Injection’).

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-13
Last Modified
2026-02-05
Generated
2026-07-06
AI Q&A
2026-01-13
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
phoenix_contact cloud_client 3.07.7
phoenix_contact tc_cloud_client 3.08.8
phoenix_contact tc_cloud_client 3.07.7
phoenix_contact tc_router 3.08.8
phoenix_contact tc_router 1.06.23

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-41717 is a code injection vulnerability in the firmware of Phoenix Contact's TC ROUTER and CLOUD CLIENT industrial mobile network routers. An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint. This leads to code injection running as root, resulting in a total loss of confidentiality, integrity, and availability of the affected devices. [1]

Impact Analysis

This vulnerability can lead to a complete compromise of the affected devices, including total loss of confidentiality, integrity, and availability. An attacker can execute arbitrary code as root, potentially taking full control of the device, disrupting operations, stealing sensitive information, or causing device failure. [1]

Mitigation Strategies

Immediate mitigation steps include strictly restricting administrative access to the affected devices and ensuring that configuration files are imported only from trusted sources. The recommended remediation is to upgrade the firmware to the fixed versions that address this vulnerability: TC ROUTER 3002T-3G, 2002T-3G, 3002T-4G (including GL, VZW, ATT), 2002T-4G to firmware 3.08.8; TC ROUTER 5004T-5G EU to firmware 1.06.23; CLOUD CLIENT 1101T-TX/TX to firmware 3.07.7; TC CLOUD CLIENT 1002-4G ATT to firmware 3.08.8; and TC CLOUD CLIENT 1002-TX/TX to firmware 3.07.7. [1]

Compliance Impact

This vulnerability leads to a total loss of confidentiality, integrity, and availability due to code injection as root. Such a loss can negatively impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity. However, specific impacts on compliance are not detailed in the provided resources. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-41717. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart