CVE-2025-41695
Severity
7.1HIGH
EPSS
0.1%
top 64.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 9
Latest updateDec 18
Description
An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.7
Affected Packages138 packages
🔴Vulnerability Details
2🔍Detection Rules
1Suricata▶
ET WEB_SPECIFIC_APPS Phoenix Contact dyn_conn.php objSave Parameter Cross Site Scripting Attempt (CVE-2025-41695)↗2025-12-18