CVE-2025-41695
📋 TL;DR
An unauthenticated cross-site scripting (XSS) vulnerability in dyn_conn.php allows attackers to trick authenticated users into sending malicious POST requests that modify device configuration parameters via the web-based management interface. This affects systems running vulnerable versions of the software with the web interface exposed. Attackers cannot access system-level resources or steal sessions due to httpOnly cookies.
💻 Affected Systems
- Unknown specific products - referenced in VDE-2025-071 advisory
📦 What is this software?
Fl Nat 2008 Firmware by Phoenixcontact
Fl Nat 2208 Firmware by Phoenixcontact
Fl Nat 2304 2gc 2sfp Firmware by Phoenixcontact
Fl Switch 2005 Firmware by Phoenixcontact
Fl Switch 2008 Firmware by Phoenixcontact
Fl Switch 2008f Firmware by Phoenixcontact
Fl Switch 2016 Firmware by Phoenixcontact
Fl Switch 2105 Firmware by Phoenixcontact
Fl Switch 2108 Firmware by Phoenixcontact
Fl Switch 2116 Firmware by Phoenixcontact
Fl Switch 2204 2tc 2sfx Firmware by Phoenixcontact
Fl Switch 2205 Firmware by Phoenixcontact
Fl Switch 2206 2fx Sm Firmware by Phoenixcontact
Fl Switch 2206 2fx Sm St Firmware by Phoenixcontact
Fl Switch 2206 2fx St Firmware by Phoenixcontact
Fl Switch 2206 2sfx Firmware by Phoenixcontact
Fl Switch 2206 2sfx Pn Firmware by Phoenixcontact
Fl Switch 2206c 2fx Firmware by Phoenixcontact
Fl Switch 2207 Fx Sm Firmware by Phoenixcontact
Fl Switch 2208 Firmware by Phoenixcontact
Fl Switch 2208c Firmware by Phoenixcontact
Fl Switch 2212 2tc 2sfx Firmware by Phoenixcontact
Fl Switch 2214 2fx Sm Firmware by Phoenixcontact
Fl Switch 2214 2sfx Firmware by Phoenixcontact
Fl Switch 2214 2sfx Pn Firmware by Phoenixcontact
Fl Switch 2216 Firmware by Phoenixcontact
Fl Switch 2303 8sp1 by Phoenixcontact
Fl Switch 2304 2gc 2sfp Firmware by Phoenixcontact
Fl Switch 2306 2sfp Firmware by Phoenixcontact
Fl Switch 2306 2sfp Pn Firmware by Phoenixcontact
Fl Switch 2308 Firmware by Phoenixcontact
Fl Switch 2312 2gc 2sfp Firmware by Phoenixcontact
Fl Switch 2314 2sfp Firmware by Phoenixcontact
Fl Switch 2314 2sfp Pn Firmware by Phoenixcontact
Fl Switch 2316 Firmware by Phoenixcontact
Fl Switch 2404 2tc 2sfx Firmware by Phoenixcontact
Fl Switch 2406 2sfx Firmware by Phoenixcontact
Fl Switch 2406 2sfx Pn Firmware by Phoenixcontact
Fl Switch 2408 Firmware by Phoenixcontact
Fl Switch 2412 2tc 2sfx Firmware by Phoenixcontact
Fl Switch 2414 2sfx Firmware by Phoenixcontact
Fl Switch 2414 2sfx Pn Firmware by Phoenixcontact
Fl Switch 2416 Firmware by Phoenixcontact
Fl Switch 2504 2gc 2sfp Firmware by Phoenixcontact
Fl Switch 2506 2sfp Firmware by Phoenixcontact
Fl Switch 2506 2sfp Pn Firmware by Phoenixcontact
Fl Switch 2506 2sfp\/k1 Firmware by Phoenixcontact
Fl Switch 2508 Firmware by Phoenixcontact
Fl Switch 2512 2gc 2sfp Firmware by Phoenixcontact
Fl Switch 2514 2sfp Firmware by Phoenixcontact
Fl Switch 2514 2sfp Pn Firmware by Phoenixcontact
Fl Switch 2516 Firmware by Phoenixcontact
Fl Switch 2608 Firmware by Phoenixcontact
Fl Switch 2708 Firmware by Phoenixcontact
⚠️ Risk & Real-World Impact
Worst Case
Attackers could modify critical device configuration parameters, potentially disrupting operations or enabling further attacks by changing network settings, access controls, or security configurations.
Likely Case
Attackers modify non-critical configuration settings, causing operational issues or enabling data manipulation within the web application's scope.
If Mitigated
With proper input validation and output encoding, the attack fails to execute, leaving configuration unchanged.
🎯 Exploit Status
Exploitation requires social engineering to trick authenticated users into clicking malicious links. No session hijacking possible due to httpOnly cookies.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://certvde.com/de/advisories/VDE-2025-071
Restart Required: No
Instructions:
1. Check vendor advisory for specific patch information. 2. Apply vendor-provided updates. 3. Verify fix implementation.
🔧 Temporary Workarounds
Input Validation and Output Encoding
allImplement proper input validation and output encoding in dyn_conn.php to prevent XSS payload execution.
Web Application Firewall (WAF)
allDeploy WAF with XSS protection rules to block malicious requests.
🧯 If You Can't Patch
- Restrict access to web interface using network segmentation and firewall rules
- Implement Content Security Policy (CSP) headers to mitigate XSS impact
🔍 How to Verify
Check if Vulnerable:
Test dyn_conn.php endpoint with XSS payloads to see if they execute in authenticated contextCheck Version:
Check web interface version information or consult vendor documentationVerify Fix Applied:
Retest with XSS payloads after applying fixes to confirm they no longer execute📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to dyn_conn.php with script tags or JavaScript payloads
- Multiple failed authentication attempts followed by successful configuration changes
Network Indicators:
- HTTP requests containing XSS payload patterns to dyn_conn.php endpoint
SIEM Query:
source="web_logs" AND uri="/dyn_conn.php" AND (body CONTAINS "<script>" OR body CONTAINS "javascript:")