CVE-2025-24005

HIGH

Phoenixcontact Charx Sec-3000 Firmware - Improper Input Validation

Title source: rule

A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 7.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-20

Status published

phoenixcontact/charx_sec-3000_firmware < 1.7.3

phoenixcontact/charx_sec-3050_firmware < 1.7.3

phoenixcontact/charx_sec-3100_firmware < 1.7.3

phoenixcontact/charx_sec-3150_firmware < 1.7.3

Published Jul 08, 2025

Tracked Since Feb 18, 2026