CRITICAL🇵🇱 Wersja polska

CVE-2025-25270

CVSS 9.8v3.1pub. 2025-07-08upd. 2025-07-11

An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.

🤖 AI Analysis
How it works

An unauthenticated remote attacker can modify the device configuration in such a way that, under specific settings, it leads to remote code execution (RCE). The attack is possible over the network without requiring any privileges or user interaction. The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates low attack complexity and no prerequisites on the attacker's side.

Impact

An attacker gains the ability to remotely execute arbitrary code with root privileges, resulting in complete device takeover, loss of data confidentiality and integrity, and potential disruption of charging service availability.

Mitigation & patch

Apply patches available from the manufacturer in accordance with the references (https://certvde.com/de/advisories/VDE-2025-019). Until the patch is deployed, it is recommended to restrict network access to CHARX SEC devices through a firewall or network segmentation, and to avoid exposing configuration interfaces to the public network.

Who is affected

Phoenix Contact CHARX SEC-3000, CHARX SEC-3050 (Firmware), CHARX SEC-3100 (Firmware), CHARX SEC-3150 (Firmware) — exact versions of vulnerable software are indicated in the manufacturer's references (VDE-2025-019).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Phoenixcontact Charx Sec 3000

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Charx Sec 3000 Firmware

    OS
    Phoenixcontact
    < 1.7.3
  • Phoenixcontact Charx Sec 3050

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Charx Sec 3050 Firmware

    OS
    Phoenixcontact
    < 1.7.3
  • Phoenixcontact Charx Sec 3100

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Charx Sec 3100 Firmware

    OS
    Phoenixcontact
    < 1.7.3
  • Phoenixcontact Charx Sec 3150

    HW
    Phoenixcontact
    wszystkie wersje
  • Phoenixcontact Charx Sec 3150 Firmware

    OS
    Phoenixcontact
    < 1.7.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-25995CRITICAL9.8PL ✓ten sam produkt

RCE i eskalacja uprawnień w Phoenix Contact CHARX SEC — brak walidacji danych wejściowych

CVE-2025-24005HIGH7.8ten sam produkt

A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to ...

CVE-2025-24006HIGH7.8ten sam produkt

A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate ...

CVE-2025-24003HIGH8.2ten sam produkt

An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations ...

CVE-2025-25268HIGH8.8ten sam produkt

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint ...