CVE-2025-25269
published 2025-07-08CVE-2025-25269: An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.
high8.4CVSS 3.1
AVLACLPRNUINSUCHIHAH
An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phoenix_contact | charx_sec-3000 | >= 0.0.0 < 1.7.3 | 1.7.3 |
| phoenix_contact | charx_sec-3050 | >= 0.0.0 < 1.7.3 | 1.7.3 |
| phoenix_contact | charx_sec-3100 | >= 0.0.0 < 1.7.3 | 1.7.3 |
| phoenix_contact | charx_sec-3150 | >= 0.0.0 < 1.7.3 | 1.7.3 |
| phoenixcontact | charx_sec-3000_firmware | < 1.7.3 | 1.7.3 |
| phoenixcontact | charx_sec-3050_firmware | < 1.7.3 | 1.7.3 |
| phoenixcontact | charx_sec-3100_firmware | < 1.7.3 | 1.7.3 |
| phoenixcontact | charx_sec-3150_firmware | < 1.7.3 | 1.7.3 |
| struktur | libheif | >= 0 < 1.17.6-1ubuntu4.2 | 1.17.6-1ubuntu4.2 |
| struktur | libheif | >= 0 < 1.20.2-1ubuntu0.1 | 1.20.2-1ubuntu0.1 |
| struktur | libheif | >= 0 < 1.1.0-2ubuntu0.1~esm2 | 1.1.0-2ubuntu0.1~esm2 |
| struktur | libheif | >= 0 < 1.6.1-1ubuntu0.1~esm2 | 1.6.1-1ubuntu0.1~esm2 |
| struktur | libheif | >= 0 < 1.12.0-2ubuntu0.1~esm2 | 1.12.0-2ubuntu0.1~esm2 |
CVSS provenance
nvdv3.18.4HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv7.5HIGH