CVE-2025-41670
Deferred Deferred - Pending Action
Privilege Escalation in System Service via File Manipulation

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: CERT VDE

Description
A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected against modification by low-privileged users. As the service runs with elevated privileges, successful exploitation may result in a local privilege escalation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-41670
EUVD
EUVD-2025-209951
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
phoenix_contact plcnext_firmware to 2026.0.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability allows a local user with low privileges to manipulate configuration or application-related files in areas of the filesystem that they can write to. These files are used by a privileged system service that processes data from locations not adequately protected against modification by low-privileged users. Because the service runs with elevated privileges, this manipulation can influence its behavior and potentially lead to a local privilege escalation.

Impact Analysis

The impact of this vulnerability is that an attacker with low-level access to the system could escalate their privileges to a higher level by exploiting the insufficient protection of configuration or application files used by a privileged service. This could allow the attacker to gain unauthorized access to sensitive system functions or data.

Mitigation Strategies

To mitigate this vulnerability, you should ensure that configuration and application-related files located in user-writable areas of the filesystem are properly protected against modification by low-privileged users.

Since the vulnerability involves a privileged system service processing data from insufficiently protected locations, immediate steps include restricting write permissions to these areas to prevent unauthorized changes.

Additionally, applying any available firmware updates that address this issue is recommended once they are released.

Compliance Impact

The vulnerability allows a local low-privileged user to escalate privileges by manipulating configuration or application-related files that are insufficiently protected. This could lead to unauthorized access or control over privileged system services.

Such unauthorized privilege escalation and potential compromise of system integrity can negatively impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive data and system security.

Specifically, if exploited, this vulnerability could lead to breaches of confidentiality, integrity, and availability of data, which are core concerns of these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-41670. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart