Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-41751

An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.1, indicating it can be exploited remotely over the network with relatively low complexity though user interaction is required and does not require pre-existing privileges . The vulnerability impacts limited data confidentiality, limited integrity, and limited availability for affected systems. Impacting 137 products from phoenixcontact, from phoenixcontact, from phoenixcontact and 134 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2025, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2025-12-09T16:17:50.670

Last Modified

2025-12-19T16:45:53.940

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	phoenixcontact	fl_nat_2008_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_nat_2008	-	No
Operating System	phoenixcontact	fl_nat_2208_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_nat_2208	-	No
Operating System	phoenixcontact	fl_nat_2304-2gc-2sfp_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_nat_2304-2gc-2sfp	-	No
Operating System	phoenixcontact	fl_switch_2005_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2005	-	No
Operating System	phoenixcontact	fl_switch_2008_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2008	-	No
Operating System	phoenixcontact	fl_switch_2008f_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2008f	-	No
Operating System	phoenixcontact	fl_switch_2016_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2016	-	No
Operating System	phoenixcontact	fl_switch_2105_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2105	-	No
Operating System	phoenixcontact	fl_switch_2108_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2108	-	No
Operating System	phoenixcontact	fl_switch_2116_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2116	-	No
Operating System	phoenixcontact	fl_switch_2204-2tc-2sfx_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2204-2tc-2sfx	-	No
Operating System	phoenixcontact	fl_switch_2205_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2205	-	No
Operating System	phoenixcontact	fl_switch_2206-2fx_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2206-2fx	-	No
Operating System	phoenixcontact	fl_switch_2206-2fx_sm_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2206-2fx_sm	-	No
Operating System	phoenixcontact	fl_switch_2206-2fx_sm_st_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2206-2fx_sm_st	-	No
Operating System	phoenixcontact	fl_switch_2206-2fx_st_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2206-2fx_st	-	No
Operating System	phoenixcontact	fl_switch_2206-2sfx_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2206-2sfx	-	No
Operating System	phoenixcontact	fl_switch_2206-2sfx_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2206-2sfx_pn	-	No
Operating System	phoenixcontact	fl_switch_2206c-2fx_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2206c-2fx	-	No
Operating System	phoenixcontact	fl_switch_2207-fx_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2207-fx	-	No
Operating System	phoenixcontact	fl_switch_2207-fx_sm_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2207-fx_sm	-	No
Operating System	phoenixcontact	fl_switch_2208_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2208	-	No
Operating System	phoenixcontact	fl_switch_2208_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2208_pn	-	No
Operating System	phoenixcontact	fl_switch_2208c_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2208c	-	No
Operating System	phoenixcontact	fl_switch_2212-2tc-2sfx_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2212-2tc-2sfx	-	No
Operating System	phoenixcontact	fl_switch_2214-2fx_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2214-2fx	-	No
Operating System	phoenixcontact	fl_switch_2214-2fx_sm_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2214-2fx_sm	-	No
Operating System	phoenixcontact	fl_switch_2214-2sfx_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2214-2sfx	-	No
Operating System	phoenixcontact	fl_switch_2214-2sfx_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2214-2sfx_pn	-	No
Operating System	phoenixcontact	fl_switch_2216_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2216	-	No
Operating System	phoenixcontact	fl_switch_2216_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2216_pn	-	No
Operating System	phoenixcontact	fl_switch_2303-8sp1	< 3.5.0	Yes
Hardware	phoenixcontact	fl_switch_2303-8sp1	-	No
Operating System	phoenixcontact	fl_switch_2304-2gc-2sfp_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2304-2gc-2sfp	-	No
Operating System	phoenixcontact	fl_switch_2306-2sfp_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2306-2sfp	-	No
Operating System	phoenixcontact	fl_switch_2306-2sfp_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2306-2sfp_pn	-	No
Operating System	phoenixcontact	fl_switch_2308_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2308	-	No
Operating System	phoenixcontact	fl_switch_2308_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2308_pn	-	No
Operating System	phoenixcontact	fl_switch_2312-2gc-2sfp_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2312-2gc-2sfp	-	No
Operating System	phoenixcontact	fl_switch_2314-2sfp_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2314-2sfp	-	No
Operating System	phoenixcontact	fl_switch_2314-2sfp_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2314-2sfp_pn	-	No
Operating System	phoenixcontact	fl_switch_2316\/k1_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2316\/k1	-	No
Operating System	phoenixcontact	fl_switch_2316_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2316	-	No
Operating System	phoenixcontact	fl_switch_2316_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2316_pn	-	No
Operating System	phoenixcontact	fl_switch_2404-2tc-2sfx_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2404-2tc-2sfx	-	No
Operating System	phoenixcontact	fl_switch_2406-2sfx_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2406-2sfx	-	No
Operating System	phoenixcontact	fl_switch_2406-2sfx_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2406-2sfx_pn	-	No
Operating System	phoenixcontact	fl_switch_2408_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2408	-	No
Operating System	phoenixcontact	fl_switch_2408_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2408_pn	-	No
Operating System	phoenixcontact	fl_switch_2412-2tc-2sfx_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2412-2tc-2sfx	-	No
Operating System	phoenixcontact	fl_switch_2414-2sfx_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2414-2sfx	-	No
Operating System	phoenixcontact	fl_switch_2414-2sfx_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2414-2sfx_pn	-	No
Operating System	phoenixcontact	fl_switch_2416_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2416	-	No
Operating System	phoenixcontact	fl_switch_2416_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2416_pn	-	No
Operating System	phoenixcontact	fl_switch_2504-2gc-2sfp_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2504-2gc-2sfp	-	No
Operating System	phoenixcontact	fl_switch_2506-2sfp\/k1_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2506-2sfp\/k1	-	No
Operating System	phoenixcontact	fl_switch_2506-2sfp_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2506-2sfp	-	No
Operating System	phoenixcontact	fl_switch_2506-2sfp_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2506-2sfp_pn	-	No
Operating System	phoenixcontact	fl_switch_2508\/k1_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2508\/k1	-	No
Operating System	phoenixcontact	fl_switch_2508_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2508	-	No
Operating System	phoenixcontact	fl_switch_2508_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2508_pn	-	No
Operating System	phoenixcontact	fl_switch_2512-2gc-2sfp_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2512-2gc-2sfp	-	No
Operating System	phoenixcontact	fl_switch_2514-2sfp_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2514-2sfp	-	No
Operating System	phoenixcontact	fl_switch_2514-2sfp_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2514-2sfp_pn	-	No
Operating System	phoenixcontact	fl_switch_2516_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2516	-	No
Operating System	phoenixcontact	fl_switch_2516_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2516_pn	-	No
Operating System	phoenixcontact	fl_switch_2608_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2608	-	No
Operating System	phoenixcontact	fl_switch_2608_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2608_pn	-	No
Operating System	phoenixcontact	fl_switch_2708_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2708	-	No
Operating System	phoenixcontact	fl_switch_2708_pn_firmware	< 3.50	Yes
Hardware	phoenixcontact	fl_switch_2708_pn	-	No

References

https://certvde.com/de/advisories/VDE-2025-071 Vendor Advisory ([email protected])

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For phoenixcontact's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.