CVE-2025-41746 — HIGH (7.1)

Q: How severe is CVE-2025-41746?

CVE-2025-41746 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-41746?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Switch 2406-2Sfx Pn Firmware, Phoenixcontact Fl Switch 2406-2Sfx Pn, Phoenixcontact Fl Switch 2408 Firmware, Phoenixcontact Fl Switch 2408, Phoenixcontact Fl Switch 2408 Pn Firmware.

Vulnerability Description

An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level resources such as operating system internals or privileged functions. Access is limited to device configuration parameters that are available in the context of the web application. The session cookie is secured by the httpOnly Flag. Therefore an attacker is not able to take over the session of an authenticated user.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Phoenixcontact	Fl Switch 2406-2Sfx Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2406-2Sfx Pn	-
Phoenixcontact	Fl Switch 2408 Firmware	< 3.50
Phoenixcontact	Fl Switch 2408	-
Phoenixcontact	Fl Switch 2408 Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2408 Pn	-
Phoenixcontact	Fl Switch 2412-2Tc-2Sfx Firmware	< 3.50
Phoenixcontact	Fl Switch 2412-2Tc-2Sfx	-
Phoenixcontact	Fl Switch 2414-2Sfx Firmware	< 3.50
Phoenixcontact	Fl Switch 2414-2Sfx	-
Phoenixcontact	Fl Switch 2414-2Sfx Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2414-2Sfx Pn	-
Phoenixcontact	Fl Switch 2416 Firmware	< 3.50
Phoenixcontact	Fl Switch 2416	-
Phoenixcontact	Fl Switch 2416 Pn Firmware	< 3.50
Phoenixcontact	Fl Switch 2416 Pn	-
Phoenixcontact	Fl Switch 2504-2Gc-2Sfp Firmware	< 3.50
Phoenixcontact	Fl Switch 2504-2Gc-2Sfp	-
Phoenixcontact	Fl Switch 2506-2Sfp Firmware	< 3.50
Phoenixcontact	Fl Switch 2506-2Sfp	-

Related Weaknesses (CWE)

CWE-79

References

https://certvde.com/de/advisories/VDE-2025-071Vendor Advisory

FAQ

What is CVE-2025-41746?

CVE-2025-41746 is a vulnerability with a CVSS score of 7.1 (HIGH). An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change paramete...

How severe is CVE-2025-41746?

CVE-2025-41746 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-41746?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Switch 2406-2Sfx Pn Firmware, Phoenixcontact Fl Switch 2406-2Sfx Pn, Phoenixcontact Fl Switch 2408 Firmware, Phoenixcontact Fl Switch 2408, Phoenixcontact Fl Switch 2408 Pn Firmware.