CVE-2025-41694
6.5 MEDIUM
📋 TL;DR
A low-privileged remote attacker can send a webshell request with an empty command containing whitespace, causing the web server to block while waiting for more data. This creates a denial-of-service condition that affects any system running the vulnerable webshell implementation.
💻 Affected Systems
Products:
- Specific webshell implementation not named in CVE
Versions: Unknown specific versions - check vendor advisory
Operating Systems: All platforms running vulnerable webshell
Default Config Vulnerable:
⚠️ Yes
Notes: Affects systems where webshell functionality is enabled, even with low-privilege access
📦 What is this software?
Fl Nat 2008 Firmware by Phoenixcontact
Fl Nat 2208 Firmware by Phoenixcontact
Fl Nat 2304 2gc 2sfp Firmware by Phoenixcontact
Fl Switch 2005 Firmware by Phoenixcontact
Fl Switch 2008 Firmware by Phoenixcontact
Fl Switch 2008f Firmware by Phoenixcontact
Fl Switch 2016 Firmware by Phoenixcontact
Fl Switch 2105 Firmware by Phoenixcontact
Fl Switch 2108 Firmware by Phoenixcontact
Fl Switch 2116 Firmware by Phoenixcontact
Fl Switch 2204 2tc 2sfx Firmware by Phoenixcontact
Fl Switch 2205 Firmware by Phoenixcontact
Fl Switch 2206 2fx Sm Firmware by Phoenixcontact
Fl Switch 2206 2fx Sm St Firmware by Phoenixcontact
Fl Switch 2206 2fx St Firmware by Phoenixcontact
Fl Switch 2206 2sfx Firmware by Phoenixcontact
Fl Switch 2206 2sfx Pn Firmware by Phoenixcontact
Fl Switch 2206c 2fx Firmware by Phoenixcontact
Fl Switch 2207 Fx Sm Firmware by Phoenixcontact
Fl Switch 2208 Firmware by Phoenixcontact
Fl Switch 2208c Firmware by Phoenixcontact
Fl Switch 2212 2tc 2sfx Firmware by Phoenixcontact
Fl Switch 2214 2fx Sm Firmware by Phoenixcontact
Fl Switch 2214 2sfx Firmware by Phoenixcontact
Fl Switch 2214 2sfx Pn Firmware by Phoenixcontact
Fl Switch 2216 Firmware by Phoenixcontact
Fl Switch 2303 8sp1 by Phoenixcontact
Fl Switch 2304 2gc 2sfp Firmware by Phoenixcontact
Fl Switch 2306 2sfp Firmware by Phoenixcontact
Fl Switch 2306 2sfp Pn Firmware by Phoenixcontact
Fl Switch 2308 Firmware by Phoenixcontact
Fl Switch 2312 2gc 2sfp Firmware by Phoenixcontact
Fl Switch 2314 2sfp Firmware by Phoenixcontact
Fl Switch 2314 2sfp Pn Firmware by Phoenixcontact
Fl Switch 2316 Firmware by Phoenixcontact
Fl Switch 2404 2tc 2sfx Firmware by Phoenixcontact
Fl Switch 2406 2sfx Firmware by Phoenixcontact
Fl Switch 2406 2sfx Pn Firmware by Phoenixcontact
Fl Switch 2408 Firmware by Phoenixcontact
Fl Switch 2412 2tc 2sfx Firmware by Phoenixcontact
Fl Switch 2414 2sfx Firmware by Phoenixcontact
Fl Switch 2414 2sfx Pn Firmware by Phoenixcontact
Fl Switch 2416 Firmware by Phoenixcontact
Fl Switch 2504 2gc 2sfp Firmware by Phoenixcontact
Fl Switch 2506 2sfp Firmware by Phoenixcontact
Fl Switch 2506 2sfp Pn Firmware by Phoenixcontact
Fl Switch 2506 2sfp\/k1 Firmware by Phoenixcontact
Fl Switch 2508 Firmware by Phoenixcontact
Fl Switch 2512 2gc 2sfp Firmware by Phoenixcontact
Fl Switch 2514 2sfp Firmware by Phoenixcontact
Fl Switch 2514 2sfp Pn Firmware by Phoenixcontact
Fl Switch 2516 Firmware by Phoenixcontact
Fl Switch 2608 Firmware by Phoenixcontact
Fl Switch 2708 Firmware by Phoenixcontact
⚠️ Risk & Real-World Impact
Worst Case
Complete web server unavailability requiring restart, potentially affecting all hosted services and applications.
Likely Case
Temporary service disruption for the affected web server process/thread until timeout or manual intervention.
If Mitigated
Limited impact with proper request filtering, rate limiting, and monitoring in place.
🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM
🎯 Exploit Status
Public PoC:
✅ No
Weaponized:
UNKNOWN
Unauthenticated Exploit:
✅ No
Complexity:
LOW
Requires low-privilege access to webshell interface; exploitation is simple once access is obtained
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://certvde.com/de/advisories/VDE-2025-071
Restart Required: Yes
Instructions:
1. Monitor vendor for patch release
2. Apply patch when available
3. Restart web server services
🔧 Temporary Workarounds
Disable webshell functionality
allRemove or disable webshell access if not required
# Configuration dependent - disable in web server config
Implement request validation
allAdd input validation to reject empty or whitespace-only commands
# Application-specific implementation required
🧯 If You Can't Patch
- Implement strict access controls to webshell functionality
- Deploy WAF rules to block suspicious webshell requests
🔍 How to Verify
Check if Vulnerable:
Test if webshell accepts empty or whitespace-only commands and causes blocking behaviorCheck Version:
# Check with vendor-specific version commandVerify Fix Applied:
Verify webshell rejects empty/whitespace commands and returns appropriate error📡 Detection & Monitoring
Log Indicators:
- Webshell requests with empty/whitespace commands
- Unusually long request processing times
- Web server process/thread hanging
Network Indicators:
- HTTP requests to webshell endpoints with minimal/no command data
- Abnormal request patterns to administrative interfaces
SIEM Query:
source="webserver" AND (uri="*webshell*" OR uri="*cmd*" OR uri="*exec*") AND (content_length<10 OR request_body=" " OR request_body="")