CVE-2025-25271
HIGHDescription
An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.
Is your site exposed to CVE-2025-25271?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| phoenixcontact | charx_sec-3000_firmware |
| phoenixcontact | charx_sec-3000 |
| phoenixcontact | charx_sec-3050_firmware |
| phoenixcontact | charx_sec-3050 |
| phoenixcontact | charx_sec-3100_firmware |
| phoenixcontact | charx_sec-3100 |
| phoenixcontact | charx_sec-3150_firmware |
| phoenixcontact | charx_sec-3150 |
References
Other References
Frequently Asked Questions
What is CVE-2025-25271? +
How severe is CVE-2025-25271? +
What products are affected by CVE-2025-25271? +
How do I check if I'm vulnerable to CVE-2025-25271? +
Related Vulnerabilities
MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header control is disabled. When this setting is disabled, state-changing requests …
P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated …
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel …
Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the …
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View (AV / database) names …
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via …