CVE-2025-41697

MEDIUM
Published: Dec 9, 2025 | Modified: Dec 19, 2025 | CWE-1299

Description

An attacker can use an undocumented UART port on the PCB as a side-channel to get root access, e.g. with the credentials obtained from CVE-2025-41692.

CVSS v3.1 Score

6.8
MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-1299

Affected Products

Vendor Product
phoenixcontact fl_switch_2708_pn_firmware
phoenixcontact fl_switch_2708_pn
phoenixcontact fl_switch_2708_firmware
phoenixcontact fl_switch_2708
phoenixcontact fl_switch_2608_pn_firmware
phoenixcontact fl_switch_2608_pn
phoenixcontact fl_switch_2608_firmware
phoenixcontact fl_switch_2608
phoenixcontact fl_switch_2516_pn_firmware
phoenixcontact fl_switch_2516_pn
phoenixcontact fl_switch_2516_firmware
phoenixcontact fl_switch_2516
phoenixcontact fl_switch_2514-2sfp_pn_firmware
phoenixcontact fl_switch_2514-2sfp_pn
phoenixcontact fl_switch_2514-2sfp_firmware
phoenixcontact fl_switch_2514-2sfp
phoenixcontact fl_switch_2512-2gc-2sfp_firmware
phoenixcontact fl_switch_2512-2gc-2sfp
phoenixcontact fl_switch_2508_pn_firmware
phoenixcontact fl_switch_2508_pn
phoenixcontact fl_switch_2508\/k1_firmware
phoenixcontact fl_switch_2508\/k1
phoenixcontact fl_switch_2508_firmware
phoenixcontact fl_switch_2508
phoenixcontact fl_switch_2506-2sfp_pn_firmware
phoenixcontact fl_switch_2506-2sfp_pn
phoenixcontact fl_switch_2506-2sfp\/k1_firmware
phoenixcontact fl_switch_2506-2sfp\/k1
phoenixcontact fl_switch_2506-2sfp_firmware
phoenixcontact fl_switch_2506-2sfp
phoenixcontact fl_switch_2504-2gc-2sfp_firmware
phoenixcontact fl_switch_2504-2gc-2sfp
phoenixcontact fl_switch_2416_pn_firmware
phoenixcontact fl_switch_2416_pn
phoenixcontact fl_switch_2416_firmware
phoenixcontact fl_switch_2416
phoenixcontact fl_switch_2414-2sfx_pn_firmware
phoenixcontact fl_switch_2414-2sfx_pn
phoenixcontact fl_switch_2414-2sfx_firmware
phoenixcontact fl_switch_2414-2sfx
phoenixcontact fl_switch_2412-2tc-2sfx_firmware
phoenixcontact fl_switch_2412-2tc-2sfx
phoenixcontact fl_switch_2408_pn_firmware
phoenixcontact fl_switch_2408_pn
phoenixcontact fl_switch_2408_firmware
phoenixcontact fl_switch_2408
phoenixcontact fl_switch_2406-2sfx_pn_firmware
phoenixcontact fl_switch_2406-2sfx_pn
phoenixcontact fl_switch_2406-2sfx_firmware
phoenixcontact fl_switch_2406-2sfx
phoenixcontact fl_switch_2404-2tc-2sfx_firmware
phoenixcontact fl_switch_2404-2tc-2sfx
phoenixcontact fl_switch_2316_pn_firmware
phoenixcontact fl_switch_2316_pn
phoenixcontact fl_switch_2316\/k1_firmware
phoenixcontact fl_switch_2316\/k1
phoenixcontact fl_switch_2316_firmware
phoenixcontact fl_switch_2316
phoenixcontact fl_switch_2314-2sfp_pn_firmware
phoenixcontact fl_switch_2314-2sfp_pn
phoenixcontact fl_switch_2314-2sfp_firmware
phoenixcontact fl_switch_2314-2sfp
phoenixcontact fl_switch_2312-2gc-2sfp_firmware
phoenixcontact fl_switch_2312-2gc-2sfp
phoenixcontact fl_switch_2308_pn_firmware
phoenixcontact fl_switch_2308_pn
phoenixcontact fl_switch_2308_firmware
phoenixcontact fl_switch_2308
phoenixcontact fl_switch_2306-2sfp_pn_firmware
phoenixcontact fl_switch_2306-2sfp_pn
phoenixcontact fl_switch_2306-2sfp_firmware
phoenixcontact fl_switch_2306-2sfp
phoenixcontact fl_switch_2304-2gc-2sfp_firmware
phoenixcontact fl_switch_2304-2gc-2sfp
phoenixcontact fl_switch_2303-8sp1
phoenixcontact fl_switch_2216_pn_firmware
phoenixcontact fl_switch_2216_pn
phoenixcontact fl_switch_2216_firmware
phoenixcontact fl_switch_2216
phoenixcontact fl_switch_2214-2sfx_pn_firmware
phoenixcontact fl_switch_2214-2sfx_pn
phoenixcontact fl_switch_2214-2sfx_firmware
phoenixcontact fl_switch_2214-2sfx
phoenixcontact fl_switch_2214-2fx_sm_firmware
phoenixcontact fl_switch_2214-2fx_sm
phoenixcontact fl_switch_2214-2fx_firmware
phoenixcontact fl_switch_2214-2fx
phoenixcontact fl_switch_2212-2tc-2sfx_firmware
phoenixcontact fl_switch_2212-2tc-2sfx
phoenixcontact fl_switch_2208c_firmware
phoenixcontact fl_switch_2208c
phoenixcontact fl_switch_2208_pn_firmware
phoenixcontact fl_switch_2208_pn
phoenixcontact fl_switch_2208_firmware
phoenixcontact fl_switch_2208
phoenixcontact fl_switch_2207-fx_sm_firmware
phoenixcontact fl_switch_2207-fx_sm
phoenixcontact fl_switch_2207-fx_firmware
phoenixcontact fl_switch_2207-fx
phoenixcontact fl_switch_2206c-2fx_firmware
phoenixcontact fl_switch_2206c-2fx
phoenixcontact fl_switch_2206-2sfx_pn_firmware
phoenixcontact fl_switch_2206-2sfx_pn
phoenixcontact fl_switch_2206-2sfx_firmware
phoenixcontact fl_switch_2206-2sfx
phoenixcontact fl_switch_2206-2fx_st_firmware
phoenixcontact fl_switch_2206-2fx_st
phoenixcontact fl_switch_2206-2fx_sm_st_firmware
phoenixcontact fl_switch_2206-2fx_sm_st
phoenixcontact fl_switch_2206-2fx_sm_firmware
phoenixcontact fl_switch_2206-2fx_sm
phoenixcontact fl_switch_2206-2fx_firmware
phoenixcontact fl_switch_2206-2fx
phoenixcontact fl_switch_2205_firmware
phoenixcontact fl_switch_2205
phoenixcontact fl_switch_2204-2tc-2sfx_firmware
phoenixcontact fl_switch_2204-2tc-2sfx
phoenixcontact fl_switch_2116_firmware
phoenixcontact fl_switch_2116
phoenixcontact fl_switch_2108_firmware
phoenixcontact fl_switch_2108
phoenixcontact fl_switch_2105_firmware
phoenixcontact fl_switch_2105
phoenixcontact fl_switch_2016_firmware
phoenixcontact fl_switch_2016
phoenixcontact fl_switch_2008f_firmware
phoenixcontact fl_switch_2008f
phoenixcontact fl_switch_2008_firmware
phoenixcontact fl_switch_2008
phoenixcontact fl_switch_2005_firmware
phoenixcontact fl_switch_2005
phoenixcontact fl_nat_2304-2gc-2sfp_firmware
phoenixcontact fl_nat_2304-2gc-2sfp
phoenixcontact fl_nat_2208_firmware
phoenixcontact fl_nat_2208
phoenixcontact fl_nat_2008_firmware
phoenixcontact fl_nat_2008

Frequently Asked Questions

What is CVE-2025-41697?
An attacker can use an undocumented UART port on the PCB as a side-channel to get root access, e.g. with the credentials obtained from CVE-2025-41692. It has a CVSS v3.1 base score of 6.8 (MEDIUM).
How severe is CVE-2025-41697?
CVE-2025-41697 has a CVSS v3.1 score of 6.8 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
What products are affected by CVE-2025-41697?
CVE-2025-41697 affects products from phoenixcontact, specifically: fl_nat_2008, fl_nat_2008_firmware, fl_nat_2208, fl_nat_2208_firmware, fl_nat_2304-2gc-2sfp, fl_nat_2304-2gc-2sfp_firmware, fl_switch_2005, fl_switch_2005_firmware, fl_switch_2008, fl_switch_2008_firmware, fl_switch_2008f, fl_switch_2008f_firmware, fl_switch_2016, fl_switch_2016_firmware, fl_switch_2105, fl_switch_2105_firmware, fl_switch_2108, fl_switch_2108_firmware, fl_switch_2116, fl_switch_2116_firmware, fl_switch_2204-2tc-2sfx, fl_switch_2204-2tc-2sfx_firmware, fl_switch_2205, fl_switch_2205_firmware, fl_switch_2206-2fx, fl_switch_2206-2fx_firmware, fl_switch_2206-2fx_sm, fl_switch_2206-2fx_sm_firmware, fl_switch_2206-2fx_sm_st, fl_switch_2206-2fx_sm_st_firmware, fl_switch_2206-2fx_st, fl_switch_2206-2fx_st_firmware, fl_switch_2206-2sfx, fl_switch_2206-2sfx_firmware, fl_switch_2206-2sfx_pn, fl_switch_2206-2sfx_pn_firmware, fl_switch_2206c-2fx, fl_switch_2206c-2fx_firmware, fl_switch_2207-fx, fl_switch_2207-fx_firmware, fl_switch_2207-fx_sm, fl_switch_2207-fx_sm_firmware, fl_switch_2208, fl_switch_2208_firmware, fl_switch_2208_pn, fl_switch_2208_pn_firmware, fl_switch_2208c, fl_switch_2208c_firmware, fl_switch_2212-2tc-2sfx, fl_switch_2212-2tc-2sfx_firmware, fl_switch_2214-2fx, fl_switch_2214-2fx_firmware, fl_switch_2214-2fx_sm, fl_switch_2214-2fx_sm_firmware, fl_switch_2214-2sfx, fl_switch_2214-2sfx_firmware, fl_switch_2214-2sfx_pn, fl_switch_2214-2sfx_pn_firmware, fl_switch_2216, fl_switch_2216_firmware, fl_switch_2216_pn, fl_switch_2216_pn_firmware, fl_switch_2303-8sp1, fl_switch_2304-2gc-2sfp, fl_switch_2304-2gc-2sfp_firmware, fl_switch_2306-2sfp, fl_switch_2306-2sfp_firmware, fl_switch_2306-2sfp_pn, fl_switch_2306-2sfp_pn_firmware, fl_switch_2308, fl_switch_2308_firmware, fl_switch_2308_pn, fl_switch_2308_pn_firmware, fl_switch_2312-2gc-2sfp, fl_switch_2312-2gc-2sfp_firmware, fl_switch_2314-2sfp, fl_switch_2314-2sfp_firmware, fl_switch_2314-2sfp_pn, fl_switch_2314-2sfp_pn_firmware, 
fl_switch_2316, fl_switch_2316\/k1, fl_switch_2316\/k1_firmware, fl_switch_2316_firmware, fl_switch_2316_pn, fl_switch_2316_pn_firmware, fl_switch_2404-2tc-2sfx, fl_switch_2404-2tc-2sfx_firmware, fl_switch_2406-2sfx, fl_switch_2406-2sfx_firmware, fl_switch_2406-2sfx_pn, fl_switch_2406-2sfx_pn_firmware, fl_switch_2408, fl_switch_2408_firmware, fl_switch_2408_pn, fl_switch_2408_pn_firmware, fl_switch_2412-2tc-2sfx, fl_switch_2412-2tc-2sfx_firmware, fl_switch_2414-2sfx, fl_switch_2414-2sfx_firmware, fl_switch_2414-2sfx_pn, fl_switch_2414-2sfx_pn_firmware, fl_switch_2416, fl_switch_2416_firmware, fl_switch_2416_pn, fl_switch_2416_pn_firmware, fl_switch_2504-2gc-2sfp, fl_switch_2504-2gc-2sfp_firmware, fl_switch_2506-2sfp, fl_switch_2506-2sfp\/k1, fl_switch_2506-2sfp\/k1_firmware, fl_switch_2506-2sfp_firmware, fl_switch_2506-2sfp_pn, fl_switch_2506-2sfp_pn_firmware, fl_switch_2508, fl_switch_2508\/k1, fl_switch_2508\/k1_firmware, fl_switch_2508_firmware, fl_switch_2508_pn, fl_switch_2508_pn_firmware, fl_switch_2512-2gc-2sfp, fl_switch_2512-2gc-2sfp_firmware, fl_switch_2514-2sfp, fl_switch_2514-2sfp_firmware, fl_switch_2514-2sfp_pn, fl_switch_2514-2sfp_pn_firmware, fl_switch_2516, fl_switch_2516_firmware, fl_switch_2516_pn, fl_switch_2516_pn_firmware, fl_switch_2608, fl_switch_2608_firmware, fl_switch_2608_pn, fl_switch_2608_pn_firmware, fl_switch_2708, fl_switch_2708_firmware, fl_switch_2708_pn, fl_switch_2708_pn_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-41697?
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.
