CVE-2025-41699
published 2025-10-14CVE-2025-41699: An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection').
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phoenix_contact | charx_sec-3000 | >= 0.0.0 < 1.7.4 | 1.7.4 |
| phoenix_contact | charx_sec-3050 | >= 0.0.0 < 1.7.4 | 1.7.4 |
| phoenix_contact | charx_sec-3100 | >= 0.0.0 < 1.7.4 | 1.7.4 |
| phoenix_contact | charx_sec-3150 | >= 0.0.0 < 1.7.4 | 1.7.4 |