CVE-2025-41694 — MEDIUM (6.5)

Q: How severe is CVE-2025-41694?

CVE-2025-41694 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-41694?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Switch 2708 Pn Firmware, Phoenixcontact Fl Switch 2708 Pn, Phoenixcontact Fl Switch 2708 Firmware, Phoenixcontact Fl Switch 2708, Phoenixcontact Fl Switch 2608 Pn Firmware.

Vulnerability Description

A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the websserver.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Phoenixcontact	Fl Switch 2708 Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2708 Pn	-
Phoenixcontact	Fl Switch 2708 Firmware	< 3.50
Phoenixcontact	Fl Switch 2708	-
Phoenixcontact	Fl Switch 2608 Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2608 Pn	-
Phoenixcontact	Fl Switch 2608 Firmware	< 3.50
Phoenixcontact	Fl Switch 2608	-
Phoenixcontact	Fl Switch 2516 Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2516 Pn	-
Phoenixcontact	Fl Switch 2208C Firmware	< 3.50
Phoenixcontact	Fl Switch 2208C	-
Phoenixcontact	Fl Switch 2208 Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2208 Pn	-
Phoenixcontact	Fl Switch 2208 Firmware	< 3.50
Phoenixcontact	Fl Switch 2208	-
Phoenixcontact	Fl Switch 2207-Fx Sm Firmware	< 3.50
Phoenixcontact	Fl Switch 2207-Fx Sm	-
Phoenixcontact	Fl Switch 2207-Fx Firmware	< 3.50
Phoenixcontact	Fl Switch 2207-Fx	-

Related Weaknesses (CWE)

CWE-770

References

https://certvde.com/de/advisories/VDE-2025-071Third Party Advisory

FAQ

What is CVE-2025-41694?

CVE-2025-41694 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the websserve...

How severe is CVE-2025-41694?

CVE-2025-41694 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-41694?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Switch 2708 Pn Firmware, Phoenixcontact Fl Switch 2708 Pn, Phoenixcontact Fl Switch 2708 Firmware, Phoenixcontact Fl Switch 2708, Phoenixcontact Fl Switch 2608 Pn Firmware.