CVE-2025-25268

HIGH

Phoenixcontact Phoenix Contact CHARX SEC-3000/3050/3100/3150 Firmware <= 1.7.3 - Missing Authentication

Title source: llm

Description

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.

References (1)

Core 1

Core References

Third Party Advisory

https://certvde.com/de/advisories/VDE-2025-019

Scores

CVSS v3 8.8

EPSS 0.0030

EPSS Percentile 21.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-306

Status published

Products (4)

phoenixcontact/charx_sec-3000_firmware < 1.7.3

phoenixcontact/charx_sec-3050_firmware < 1.7.3

phoenixcontact/charx_sec-3100_firmware < 1.7.3

phoenixcontact/charx_sec-3150_firmware < 1.7.3

Published Jul 08, 2025

Tracked Since Feb 18, 2026