CVE-2025-41751

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
7.1HIGH
EPSS
0.2%
top 58.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
138
Phoenix Contact FL NAT 2008Phoenix Contact FL NAT 2208Phoenix Contact FL NAT 2304-2gc-2sfp+135 more
Timeline
PublishedDec 9
Latest updateDec 18

Description

An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.7

Affected Packages138 packages

CVEListV5phoenix_contact/fl_nat_20080.0.03.50
CVEListV5phoenix_contact/fl_nat_22080.0.03.50
CVEListV5phoenix_contact/fl_switch_20050.0.03.50
CVEListV5phoenix_contact/fl_switch_20080.0.03.50
CVEListV5phoenix_contact/fl_switch_20160.0.03.50

🔴Vulnerability Details

2
CVEList
Reflected XSS vulnerability in pxc_portCntr.php2025-12-09
GHSA
GHSA-p3g5-4g22-76mw: An XSS vulnerability in pxc_portCntr2025-12-09

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Phoenix Contact pxc_portCntr.php port Parameter Cross Site Scripting Attempt (CVE-2025-41751)2025-12-18
CVE-2025-41751 (HIGH CVSS 7.1) | An XSS vulnerability in pxc_portCnt | cvebase.io