CVE-2025-41697 — MEDIUM (6.8)

Q: What is CVE-2025-41697?

CVE-2025-41697 is a vulnerability with a CVSS score of 6.8 (MEDIUM). An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692.

Q: How severe is CVE-2025-41697?

CVE-2025-41697 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-41697?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Switch 2708 Pn Firmware, Phoenixcontact Fl Switch 2708 Pn, Phoenixcontact Fl Switch 2708 Firmware, Phoenixcontact Fl Switch 2708, Phoenixcontact Fl Switch 2608 Pn Firmware.

Vulnerability Description

An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Phoenixcontact	Fl Switch 2708 Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2708 Pn	-
Phoenixcontact	Fl Switch 2708 Firmware	< 3.50
Phoenixcontact	Fl Switch 2708	-
Phoenixcontact	Fl Switch 2608 Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2608 Pn	-
Phoenixcontact	Fl Switch 2608 Firmware	< 3.50
Phoenixcontact	Fl Switch 2608	-
Phoenixcontact	Fl Switch 2516 Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2516 Pn	-
Phoenixcontact	Fl Switch 2516 Firmware	< 3.50
Phoenixcontact	Fl Switch 2516	-
Phoenixcontact	Fl Switch 2514-2Sfp Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2514-2Sfp Pn	-
Phoenixcontact	Fl Switch 2514-2Sfp Firmware	< 3.50
Phoenixcontact	Fl Switch 2514-2Sfp	-
Phoenixcontact	Fl Switch 2512-2Gc-2Sfp Firmware	< 3.50
Phoenixcontact	Fl Switch 2512-2Gc-2Sfp	-
Phoenixcontact	Fl Switch 2508 Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2508 Pn	-

Related Weaknesses (CWE)

CWE-1299

References

https://certvde.com/de/advisories/VDE-2025-071Third Party Advisory

FAQ

What is CVE-2025-41697?

CVE-2025-41697 is a vulnerability with a CVSS score of 6.8 (MEDIUM). An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692.

How severe is CVE-2025-41697?

CVE-2025-41697 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-41697?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Switch 2708 Pn Firmware, Phoenixcontact Fl Switch 2708 Pn, Phoenixcontact Fl Switch 2708 Firmware, Phoenixcontact Fl Switch 2708, Phoenixcontact Fl Switch 2608 Pn Firmware.