CVE-2025-41745
Severity
7.1HIGH
EPSS
0.1%
top 65.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 9
Latest updateDec 18
Description
An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cooki…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.7
Affected Packages138 packages
🔴Vulnerability Details
2🔍Detection Rules
1Suricata▶
ET WEB_SPECIFIC_APPS Phoenix Contact pxc_portCntr2.php activeTab Parameter Cross Site Scripting Attempt (CVE-2025-41745)↗2025-12-18