CVE-2025-25270 Remote Code Execution via Unauthenticated Configuration Manipulation

🗓️ 08 Jul 2025 07:00:58Reported by CERTVDEType

Unauthenticated attacker can change device settings to achieve remote code execution as root

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-25270	8 Jul 202507:09	–	circl
CNNVD	PHOENIX CONTACT多款产品安全漏洞	8 Jul 202500:00	–	cnnvd
CVE	CVE-2025-25270	8 Jul 202507:00	–	cve
EUVD	EUVD-2025-20402	3 Oct 202520:07	–	euvd
NVD	CVE-2025-25270	8 Jul 202507:15	–	nvd
OSV	CVE-2025-25270	8 Jul 202507:15	–	osv
Positive Technologies	PT-2025-28347 · Device · Device	8 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-25270	10 Jul 202507:24	–	redhatcve
Vulnrichment	CVE-2025-25270 Remote Code Execution via Unauthenticated Configuration Manipulation	8 Jul 202507:00	–	vulnrichment
Zero Day Initiative	(Pwn2Own) Phoenix Contact CHARX SEC-3150 Origin Validation Error Firewall Bypass Vulnerability	21 Jul 202500:00	–	zdi

[
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3150",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "1.7.3",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3100",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "1.7.3",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3050",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "1.7.3",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3000",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "1.7.3",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
certvde	www.certvde.com/de/advisories/VDE-2025-019

08 Jul 2025 07:00Current

CVSS 3.19.8

EPSS0.00631

CWE-913