CVE-2025-41699 HIGH

CVE-2025-41699: Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers

Vendor Phoenix Contact
Product CHARX SEC-3150
Weakness CWE-94 · Code injection
Published October 14, 2025
Last update October 15, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection').

Key dates

02Disclosure timeline

October 14, 2025 CVE published
October 15, 2025 Record updated