CVE-2025-25270
CRITICALDescription
An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.
Is your site exposed to CVE-2025-25270?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| phoenixcontact | charx_sec-3000_firmware |
| phoenixcontact | charx_sec-3000 |
| phoenixcontact | charx_sec-3050_firmware |
| phoenixcontact | charx_sec-3050 |
| phoenixcontact | charx_sec-3100_firmware |
| phoenixcontact | charx_sec-3100 |
| phoenixcontact | charx_sec-3150_firmware |
| phoenixcontact | charx_sec-3150 |
References
Other References
Frequently Asked Questions
What is CVE-2025-25270? +
How severe is CVE-2025-25270? +
What products are affected by CVE-2025-25270? +
How do I check if I'm vulnerable to CVE-2025-25270? +
Related Vulnerabilities
A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution. It is possible for a …
An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as …
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__"), …
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check …
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This …
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain …