CVE-2025-41692 — MEDIUM (6.8)

Q: What is CVE-2025-41692?

CVE-2025-41692 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.

Q: How severe is CVE-2025-41692?

CVE-2025-41692 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-41692?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Switch 2708 Pn Firmware, Phoenixcontact Fl Switch 2708 Pn, Phoenixcontact Fl Switch 2708 Firmware, Phoenixcontact Fl Switch 2708, Phoenixcontact Fl Switch 2608 Pn Firmware.

Vulnerability Description

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Phoenixcontact	Fl Switch 2708 Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2708 Pn	-
Phoenixcontact	Fl Switch 2708 Firmware	< 3.50
Phoenixcontact	Fl Switch 2708	-
Phoenixcontact	Fl Switch 2608 Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2608 Pn	-
Phoenixcontact	Fl Switch 2608 Firmware	< 3.50
Phoenixcontact	Fl Switch 2608	-
Phoenixcontact	Fl Switch 2516 Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2516 Pn	-
Phoenixcontact	Fl Switch 2208C Firmware	< 3.50
Phoenixcontact	Fl Switch 2208C	-
Phoenixcontact	Fl Switch 2208 Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2208 Pn	-
Phoenixcontact	Fl Switch 2208 Firmware	< 3.50
Phoenixcontact	Fl Switch 2208	-
Phoenixcontact	Fl Switch 2207-Fx Sm Firmware	< 3.50
Phoenixcontact	Fl Switch 2207-Fx Sm	-
Phoenixcontact	Fl Switch 2207-Fx Firmware	< 3.50
Phoenixcontact	Fl Switch 2207-Fx	-

Related Weaknesses (CWE)

CWE-916

References

https://certvde.com/de/advisories/VDE-2025-071Third Party Advisory

FAQ

What is CVE-2025-41692?

CVE-2025-41692 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.

How severe is CVE-2025-41692?

CVE-2025-41692 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-41692?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Switch 2708 Pn Firmware, Phoenixcontact Fl Switch 2708 Pn, Phoenixcontact Fl Switch 2708 Firmware, Phoenixcontact Fl Switch 2708, Phoenixcontact Fl Switch 2608 Pn Firmware.