CVE-2025-41717
Unknown Unknown - Not Provided
Code Injection via Config-Upload Endpoint Enables Root Access

Publication date: 2026-01-13

Last updated on: 2026-02-05

Assigner: CERT VDE

Description
An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation ('Code Injection’).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-02-05
Generated
2026-06-16
AI Q&A
2026-01-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-41717
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
phoenix_contact cloud_client 3.07.7
phoenix_contact tc_cloud_client 3.08.8
phoenix_contact tc_cloud_client 3.07.7
phoenix_contact tc_router 3.08.8
phoenix_contact tc_router 1.06.23
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-41717 is a code injection vulnerability in the firmware of Phoenix Contact's TC ROUTER and CLOUD CLIENT industrial mobile network routers. An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint. This leads to code injection running as root, resulting in a total loss of confidentiality, integrity, and availability of the affected devices. [1]

Impact Analysis

This vulnerability can lead to a complete compromise of the affected devices, including total loss of confidentiality, integrity, and availability. An attacker can execute arbitrary code as root, potentially taking full control of the device, disrupting operations, stealing sensitive information, or causing device failure. [1]

Mitigation Strategies

Immediate mitigation steps include strictly restricting administrative access to the affected devices and ensuring that configuration files are imported only from trusted sources. The recommended remediation is to upgrade the firmware to the fixed versions that address this vulnerability: TC ROUTER 3002T-3G, 2002T-3G, 3002T-4G (including GL, VZW, ATT), 2002T-4G to firmware 3.08.8; TC ROUTER 5004T-5G EU to firmware 1.06.23; CLOUD CLIENT 1101T-TX/TX to firmware 3.07.7; TC CLOUD CLIENT 1002-4G ATT to firmware 3.08.8; and TC CLOUD CLIENT 1002-TX/TX to firmware 3.07.7. [1]

Compliance Impact

This vulnerability leads to a total loss of confidentiality, integrity, and availability due to code injection as root. Such a loss can negatively impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity. However, specific impacts on compliance are not detailed in the provided resources. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-41717. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart