CVE-2025-41699

CWE-94: Code Injection
3 documents, 3 sources

Severity: 8.8 HIGH
EPSS: 0.2% (top 52.29%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Oct 14

Description

A low-privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection').

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5  phoenix_contact/charx_sec-3000  0.0.0  1.7.4
CVEListV5  phoenix_contact/charx_sec-3050  0.0.0  1.7.4
CVEListV5  phoenix_contact/charx_sec-3100  0.0.0  1.7.4
CVEListV5  phoenix_contact/charx_sec-3150  0.0.0  1.7.4

Vulnerability Details (2)

GHSA: GHSA-5whr-v2mg-4xrv: An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as r (2025-10-14)
CVEList: Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers (2025-10-14)
CVE-2025-41699 (HIGH CVSS 8.8) | An low privileged remote attacker w | cvebase.io