cbcvebase.
CVE-2025-41670
published 2026-05-27

CVE-2025-41670: A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related…

high8.7CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected against modification by low-privileged users. As the service runs with elevated privileges, successful exploitation may result in a local privilege escalation.

Affected

14 ranges
VendorProductVersion rangeFixed in
phoenix_contactaxc_f_1152>= 0.0.0 < 2026.0.32026.0.3
phoenix_contactaxc_f_1252>= 0.0.0 < 2026.0.32026.0.3
phoenix_contactaxc_f_2000_ea>= 0.0.0 < 2026.0.32026.0.3
phoenix_contactaxc_f_2152>= 0.0.0 < 2026.0.32026.0.3
phoenix_contactaxc_f_3152>= 0.0.0 < 2026.0.32026.0.3
phoenix_contactbpc_9102s>= 0.0.0 < 2026.0.32026.0.3
phoenix_contactepc_1522>= 0.0.0 < 2026.0.32026.0.3
phoenix_contactrfc_4072r>= 0.0.0 < 2026.0.32026.0.3
phoenix_contactrfc_4072s>= 0.0.0 < 2026.0.32026.0.3
phoenix_contactvl3_upc_2440_edge>= 0.0.0 < 2026.0.32026.0.3
phoenix_contactvplcnext_control_1000>= 0.0.0 < 2026.0.32026.0.3
phoenix_contactvplcnext_control_2000>= 0.0.0 < 2026.0.32026.0.3
phoenix_contactvplcnext_control_3000>= 0.0.0 < 2026.0.32026.0.3
phoenix_contactvplcnext_control_500>= 0.0.0 < 2026.0.32026.0.3