8.8
CVE-2025-41667
- EPSS 1.18%
- Veröffentlicht 08.07.2025 07:03:50
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
Phoenix Contact: File access due to the replacement of a critical file used by the arp-preinit script
A low privileged remote attacker with file access can replace a critical file used by the arp-preinit script to get read, write and execute access to any file on the device.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPHOENIX CONTACT
≫
Produkt
AXC F 1152
Default Statusunaffected
Version
0
Version <
2025.0.2
Status
affected
HerstellerPHOENIX CONTACT
≫
Produkt
AXC F 2152
Default Statusunaffected
Version
0
Version <
2025.0.2
Status
affected
HerstellerPHOENIX CONTACT
≫
Produkt
AXC F 3152
Default Statusunaffected
Version
0
Version <
2025.0.2
Status
affected
HerstellerPHOENIX CONTACT
≫
Produkt
BPC 9102S
Default Statusunaffected
Version
0
Version <
2025.0.2
Status
affected
HerstellerPHOENIX CONTACT
≫
Produkt
RFC 4072S
Default Statusunaffected
Version
0
Version <
2025.0.2
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.18% | 0.788 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-59 Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.