CVE-2025-41669— Insufficient Verification of Data Authenticity
Possible ATT&CK Techniques 3AI
T1068 · Exploitation for Privilege Escalation T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 14
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Phoenix Contact | AXC F 1152 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | AXC F 1252 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | AXC F 2000 EA | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | AXC F 2152 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | AXC F 3152 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | BPC 9102S | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | EPC 1522 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | RFC 4072R | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | RFC 4072S | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | VL3 UPC 2440 EDGE | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | VPLCNEXT CONTROL 1000 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | VPLCNEXT CONTROL 2000 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | VPLCNEXT CONTROL 3000 | 0.0.0< 2026.0.3 | affected |
| Phoenix Contact | VPLCNEXT CONTROL 500 | 0.0.0< 2026.0.3 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-41669
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient Verification of Data Authenticity
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root privileges on the PLC device. A successful exploitation may allow to install a manipulated APP package, potentially impacting integrity and availability of the PLCnext Control.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
密码学签名的验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
PHOENIX CONTACT多款产品 数据伪造问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PHOENIX CONTACT AXC F 1152等都是德国菲尼克斯电气(PHOENIX CONTACT)公司的一款控制器设备。 PHOENIX CONTACT多款产品存在数据伪造问题漏洞,该漏洞源于允许远程低权限工程师用户从PLCnext Store下载安装APP时未实施数据验证机制,可能导致工程师用户以root权限执行任意代码,影响PLCnext Control的完整性和可用性。以下产品受到影响:AXC F 1152、AXC F 1252、AXC F 2000 EA、AXC F 2152等。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Phoenix Contact | AXC F 1152 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | AXC F 1252 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | AXC F 2000 EA | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | AXC F 2152 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | AXC F 3152 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | BPC 9102S | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | EPC 1522 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | RFC 4072R | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | RFC 4072S | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | VL3 UPC 2440 EDGE | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | VPLCNEXT CONTROL 1000 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | VPLCNEXT CONTROL 2000 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | VPLCNEXT CONTROL 3000 | 0.0.0 ~ 2026.0.3 | - | |
| Phoenix Contact | VPLCNEXT CONTROL 500 | 0.0.0 ~ 2026.0.3 | - |
II. Public POCs for CVE-2025-41669
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-41669
请登录查看更多情报信息。
Vendor Advisories for CVE-2025-41669 (1)
IV. Related Vulnerabilities
Same product: AXC F 1152
- CVE-2025-41670
Untrusted Search Path - CVE-2025-41668
Phoenix Contact: File access due to the replacement of a cri - CVE-2025-41667
Phoenix Contact: File access due to the replacement of a cri - CVE-2025-41666
Phoenix Contact: File access due to the replacement of a cri - CVE-2025-41665
Phoenix Contact: DoS of the PLC due to incorrect default per
Same vendor: Phoenix Contact
- CVE-2026-41032
Phoenix Contact: Unauthenticated log download vulnerability - CVE-2025-41670
Untrusted Search Path - CVE-2024-43384
Phoenix Contact: Improper removal of sensitive information i - CVE-2026-22323
Cross‑Site Request Forgery in Link Aggregation Configuration - CVE-2026-22322
Stored Cross‑Site Scripting in Link Aggregation Name Handlin
Same weakness: CWE-347
- CVE-2026-48558
SimpleHelp Authentication Bypass via Missing OIDC JWT Signat - CVE-2026-50010
Netty's wrapping plain trust manager silently disables hostn - CVE-2026-50634
Apache CXF: WS JSON request filter trusts metadata from an u - CVE-2026-41005
UAA accepts SAML Encrypted Assertions authentication bypass - CVE-2026-10795
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauth
V. Comments for CVE-2025-41669
No comments yet