CVE-2025-41749

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
7.1HIGH
EPSS
0.1%
top 65.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
138
Phoenix Contact FL NAT 2008Phoenix Contact FL NAT 2208Phoenix Contact FL NAT 2304-2gc-2sfp+135 more
Timeline
PublishedDec 9
Latest updateDec 18

Description

An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is se

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.7

Affected Packages138 packages

CVEListV5phoenix_contact/fl_nat_20080.0.03.50
CVEListV5phoenix_contact/fl_nat_22080.0.03.50
CVEListV5phoenix_contact/fl_switch_20050.0.03.50
CVEListV5phoenix_contact/fl_switch_20080.0.03.50
CVEListV5phoenix_contact/fl_switch_20160.0.03.50

🔴Vulnerability Details

2
CVEList
Reflected XSS vulnerability in port_util.php2025-12-09
GHSA
GHSA-q92c-5g4r-65xg: An XSS vulnerability in port_util2025-12-09

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Phoenix Contact port_util.php portSelect Parameter Cross Site Scripting Attempt (CVE-2025-41749)2025-12-18
CVE-2025-41749 (HIGH CVSS 7.1) | An XSS vulnerability in port_util.p | cvebase.io