cbcvebase.
CVE-2025-41694
published 2025-12-09

CVE-2025-41694: A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data…

medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the websserver.

Affected

138 ranges· showing 25
VendorProductVersion rangeFixed in
phoenix_contactfl_nat_2008>= 0.0.0 < 3.503.50
phoenix_contactfl_nat_2208>= 0.0.0 < 3.503.50
phoenix_contactfl_nat_2304-2gc-2sfp>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2005>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2008>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2008f>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2016>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2105>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2108>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2116>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2204-2tc-2sfx>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2205>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2206-2fx>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2206-2fx_sm>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2206-2fx_sm_st>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2206-2fx_st>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2206-2sfx>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2206-2sfx_pn>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2206c-2fx>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2207-fx>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2207-fx_sm>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2208>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2208_pn>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2208c>= 0.0.0 < 3.503.50
phoenix_contactfl_switch_2212-2tc-2sfx>= 0.0.0 < 3.503.50