CVE-2025-41697

CWE-12993 documents3 sources
Severity
6.8MEDIUM
EPSS
0.0%
top 89.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
138
Phoenix Contact FL NAT 2008Phoenix Contact FL NAT 2208Phoenix Contact FL NAT 2304-2gc-2sfp+135 more
Timeline
PublishedDec 9

Description

An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages138 packages

CVEListV5phoenix_contact/fl_nat_20080.0.03.50
CVEListV5phoenix_contact/fl_nat_22080.0.03.50
CVEListV5phoenix_contact/fl_switch_20050.0.03.50
CVEListV5phoenix_contact/fl_switch_20080.0.03.50
CVEListV5phoenix_contact/fl_switch_20160.0.03.50

🔴Vulnerability Details

2
GHSA
GHSA-ccrq-w269-c7pj: An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e2025-12-09
CVEList
Shell access to UART Console2025-12-09
CVE-2025-41697 (MEDIUM CVSS 6.8) | An attacker can use an undocumented | cvebase.io