CVE-2025-41699 Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers

🗓️ 14 Oct 2025 08:35:05Reported by CERTVDEType

Low-privilege attacker with web access can trigger root command injection, risking full confidentiality, availability and integrity.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-41699	14 Oct 202513:43	–	circl
CNNVD	Phoenix Contact CHARX SEC-3150 代码注入漏洞	14 Oct 202500:00	–	cnnvd
CVE	CVE-2025-41699	14 Oct 202508:35	–	cve
EUVD	EUVD-2025-34144	14 Oct 202508:35	–	euvd
Japan Vulnerability Notes	Phoenix Contact CHARX SEC-3xxx vulnerable to code injection	15 Oct 202506:54	–	jvn
NVD	CVE-2025-41699	14 Oct 202509:15	–	nvd
Positive Technologies	PT-2025-41859	14 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-41699	15 Oct 202513:45	–	redhatcve
Vulnrichment	CVE-2025-41699 Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers	14 Oct 202508:35	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3150",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "1.7.4",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3100",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "1.7.4",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3050",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "1.7.4",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "CHARX SEC-3000",
    "vendor": "Phoenix Contact",
    "versions": [
      {
        "lessThan": "1.7.4",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
phoenixcontact	www.phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-074.json

15 Oct 2025 06:36Current

CVSS 3.18.8

EPSS0.00261

CWE-94