CVE-2025-41699
Published: 14 October 2025
Description
MITRE ATT&CK T1059 (Command and Scripting Interpreter): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Security Summary
CVE-2025-41699 is a code injection vulnerability (CWE-94, Improper Control of Generation of Code) in the web-based management interface of the Phoenix Contact products listed in the vendor advisory. Published on 2025-10-14, it carries a CVSS v3.1 base score of 8.8 (High) with vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: reachable over the network, low attack complexity, only low privileges required, no user interaction, and high impact on confidentiality, integrity and availability.
A remote attacker who holds a low-privileged account on the affected web-based management interface can exploit the vulnerability by modifying system configuration parameters. The modified values reach a command interpreter, giving the attacker command injection executed with root privileges and therefore a total loss of confidentiality, integrity, and availability on the targeted system.
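To make the pattern concrete, here is an added, hypothetical Python handler for a configuration parameter, written for this page; it is not Phoenix Contact's firmware and is not derived from the advisory. The parameter name `ntpserver`, the use of `echo` as a stand-in for the privileged tool the real handler would invoke, and the attacker payload are all constructed. The vulnerable version interpolates the parameter into a shell command string; the hardened version validates against an allowlist and passes the value as a single argument with no shell involved.

```python
"""Vulnerable vs. hardened handling of a web-UI configuration parameter.
Hypothetical example for this page; not the vendor's code."""
import re
import subprocess

# Constructed attacker input: a plausible NTP server followed by a shell
# metacharacter and a second command the attacker wants executed.
INJECTION = "ntp.example.net; echo INJECTED"
BENIGN = "ntp.example.net"

# Strict allowlist for a DNS hostname: labels of letters, digits and hyphens,
# at most 63 characters each, separated by dots. Anything else is rejected.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def is_valid_hostname(value: str) -> bool:
    """Allowlist check applied before a parameter reaches any command."""
    return len(value) <= 253 and HOSTNAME_RE.fullmatch(value) is not None


def _run_tool_argv(value: str) -> str:
    """Invoke the (stand-in) tool with the parameter as one argv element.
    No shell parses the string, so metacharacters carry no meaning."""
    result = subprocess.run(
        ["echo", f"ntpserver={value}"], capture_output=True, text=True, check=False
    )
    return result.stdout


def set_ntp_server_vulnerable(value: str) -> str:
    """Vulnerable pattern (CWE-94 / command injection): the parameter is
    interpolated into a shell command string and handed to `sh -c`. On the
    affected device this would run as root. Returns the shell's stdout so
    the injected command's effect is observable."""
    cmd = f"echo ntpserver={value}"
    result = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True, check=False)
    return result.stdout


def argv_without_shell(value: str) -> str:
    """Second defensive layer on its own: even an unvalidated payload stays a
    single argument, so the injected `echo INJECTED` never executes."""
    return _run_tool_argv(value)


def set_ntp_server_hardened(value: str) -> str:
    """Hardened pattern: allowlist validation first, then argv-only execution,
    so a later loosening of the regex still cannot reintroduce a shell."""
    if not is_valid_hostname(value):
        raise ValueError(f"rejected ntp server value: {value!r}")
    return _run_tool_argv(value)


if __name__ == "__main__":
    print("vulnerable:", repr(set_ntp_server_vulnerable(INJECTION)))
    print("argv only :", repr(argv_without_shell(INJECTION)))
    print("hardened  :", repr(set_ntp_server_hardened(BENIGN)))
    try:
        set_ntp_server_hardened(INJECTION)
    except ValueError as exc:
        print("hardened  :", exc)
```

Two points to take from it. First, input validation and argv-only execution are independent layers; the vulnerable handler fails both, and either alone would have stopped this particular payload. Second, the hardened handler still runs at whatever privilege the web server process has, which on the affected devices is root according to the summary above; separating the process that applies configuration from the one that serves the web interface is the complementary fix, but the vendor advisory remains the authoritative source for the actual mitigation.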
Mitigation details are provided in the vendor advisory at https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-074.json.
Details
- CWE(s): CWE-94 (Improper Control of Generation of Code, 'Code Injection')
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The web-based management interface is the network-facing entry point, so exploitation maps to T1190 (Exploit Public-Facing Application). An attacker who starts with a low-privileged interface account ends up executing commands as root, which is T1068 (Exploitation for Privilege Escalation). The injected payload is executed by a command interpreter on the device, which is T1059 (Command and Scripting Interpreter).