CVE-2025-41746

7.1 HIGH

Cross-Site Scripting

📋 TL;DR

An unauthenticated cross-site scripting (XSS) vulnerability in pxc_portSecCfg.php allows attackers to trick authenticated users into sending malicious POST requests that modify device configuration parameters via the web-based management interface. This affects systems running vulnerable versions of the software with web management enabled. The vulnerability does not allow system-level access or session hijacking due to httpOnly cookie protection.

💻 Affected Systems

Products:

• Unknown specific product - referenced as affected device with web-based management

Versions: Unknown specific versions - advisory indicates vulnerable versions exist

Operating Systems: Unknown

Default Config Vulnerable: ⚠️ Yes

Notes: Requires web-based management interface to be accessible and pxc_portSecCfg.php endpoint to be exposed.

📦 What is this software?

Fl Nat 2008 Firmware by Phoenixcontact

View all CVEs affecting Fl Nat 2008 Firmware →

Fl Nat 2208 Firmware by Phoenixcontact

View all CVEs affecting Fl Nat 2208 Firmware →

Fl Nat 2304 2gc 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Nat 2304 2gc 2sfp Firmware →

Fl Switch 2005 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2005 Firmware →

Fl Switch 2008 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2008 Firmware →

Fl Switch 2008f Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2008f Firmware →

Fl Switch 2016 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2016 Firmware →

Fl Switch 2105 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2105 Firmware →

Fl Switch 2108 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2108 Firmware →

Fl Switch 2116 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2116 Firmware →

Fl Switch 2204 2tc 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2204 2tc 2sfx Firmware →

Fl Switch 2205 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2205 Firmware →

Fl Switch 2206 2fx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2206 2fx Firmware →

Fl Switch 2206 2fx Sm Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2206 2fx Sm Firmware →

Fl Switch 2206 2fx Sm St Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2206 2fx Sm St Firmware →

Fl Switch 2206 2fx St Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2206 2fx St Firmware →

Fl Switch 2206 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2206 2sfx Firmware →

Fl Switch 2206 2sfx Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2206 2sfx Pn Firmware →

Fl Switch 2206c 2fx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2206c 2fx Firmware →

Fl Switch 2207 Fx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2207 Fx Firmware →

Fl Switch 2207 Fx Sm Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2207 Fx Sm Firmware →

Fl Switch 2208 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2208 Firmware →

Fl Switch 2208 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2208 Pn Firmware →

Fl Switch 2208c Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2208c Firmware →

Fl Switch 2212 2tc 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2212 2tc 2sfx Firmware →

Fl Switch 2214 2fx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2214 2fx Firmware →

Fl Switch 2214 2fx Sm Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2214 2fx Sm Firmware →

Fl Switch 2214 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2214 2sfx Firmware →

Fl Switch 2214 2sfx Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2214 2sfx Pn Firmware →

Fl Switch 2216 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2216 Firmware →

Fl Switch 2216 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2216 Pn Firmware →

Fl Switch 2303 8sp1 by Phoenixcontact

View all CVEs affecting Fl Switch 2303 8sp1 →

Fl Switch 2304 2gc 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2304 2gc 2sfp Firmware →

Fl Switch 2306 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2306 2sfp Firmware →

Fl Switch 2306 2sfp Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2306 2sfp Pn Firmware →

Fl Switch 2308 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2308 Firmware →

Fl Switch 2308 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2308 Pn Firmware →

Fl Switch 2312 2gc 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2312 2gc 2sfp Firmware →

Fl Switch 2314 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2314 2sfp Firmware →

Fl Switch 2314 2sfp Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2314 2sfp Pn Firmware →

Fl Switch 2316 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2316 Firmware →

Fl Switch 2316 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2316 Pn Firmware →

Fl Switch 2316\/k1 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2316\/k1 Firmware →

Fl Switch 2404 2tc 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2404 2tc 2sfx Firmware →

Fl Switch 2406 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2406 2sfx Firmware →

Fl Switch 2406 2sfx Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2406 2sfx Pn Firmware →

Fl Switch 2408 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2408 Firmware →

Fl Switch 2408 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2408 Pn Firmware →

Fl Switch 2412 2tc 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2412 2tc 2sfx Firmware →

Fl Switch 2414 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2414 2sfx Firmware →

Fl Switch 2414 2sfx Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2414 2sfx Pn Firmware →

Fl Switch 2416 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2416 Firmware →

Fl Switch 2416 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2416 Pn Firmware →

Fl Switch 2504 2gc 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2504 2gc 2sfp Firmware →

Fl Switch 2506 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2506 2sfp Firmware →

Fl Switch 2506 2sfp Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2506 2sfp Pn Firmware →

Fl Switch 2506 2sfp\/k1 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2506 2sfp\/k1 Firmware →

Fl Switch 2508 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2508 Firmware →

Fl Switch 2508 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2508 Pn Firmware →

Fl Switch 2508\/k1 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2508\/k1 Firmware →

Fl Switch 2512 2gc 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2512 2gc 2sfp Firmware →

Fl Switch 2514 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2514 2sfp Firmware →

Fl Switch 2514 2sfp Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2514 2sfp Pn Firmware →

Fl Switch 2516 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2516 Firmware →

Fl Switch 2516 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2516 Pn Firmware →

Fl Switch 2608 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2608 Firmware →

Fl Switch 2608 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2608 Pn Firmware →

Fl Switch 2708 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2708 Firmware →

Fl Switch 2708 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2708 Pn Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could modify critical device configuration parameters, potentially disrupting network operations or enabling further attacks by changing security settings.

🟠

Likely Case

Attackers modify non-critical configuration parameters, causing service disruptions or requiring administrative intervention to restore proper settings.

🟢

If Mitigated

With proper input validation and output encoding, the attack would fail to execute JavaScript payloads, preventing configuration changes.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires social engineering to trick authenticated users into clicking malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://certvde.com/de/advisories/VDE-2025-071

Restart Required: No

Instructions:

1. Monitor vendor for security updates. 2. Apply patches when available. 3. Verify fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Input Validation and Output Encoding

all

Implement proper input validation and output encoding in pxc_portSecCfg.php to prevent XSS payload execution.

Copy

N/A - requires code changes

Restrict Web Interface Access

all

Limit access to web-based management interface to trusted networks only.

Copy

N/A - network configuration dependent

🧯 If You Can't Patch

• Implement web application firewall (WAF) rules to block XSS payloads targeting pxc_portSecCfg.php
• Educate users about phishing risks and implement click-through warnings for external links

🔍 How to Verify

Check if Vulnerable:

Copy

Test pxc_portSecCfg.php endpoint with XSS payloads to see if they execute in authenticated context.

Check Version:

Copy

Unknown - check device documentation for version information

Verify Fix Applied:

Copy

Retest with XSS payloads after applying fixes to confirm they no longer execute.

📡 Detection & Monitoring

Log Indicators:

• Unusual POST requests to pxc_portSecCfg.php with script tags or JavaScript payloads
• Multiple configuration changes from single user session

Network Indicators:

• HTTP requests containing XSS payload patterns to the vulnerable endpoint
• Referrer headers pointing to suspicious external domains

SIEM Query:

Copy

http.url:"*pxc_portSecCfg.php*" AND (http.request_body:"<script>" OR http.request_body:"javascript:")

📊 Metadata

CVE ID: CVE-2025-41746

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CWE: CWE-79

EPSS Score: 0.13% exploit probability (32.8th percentile)

Published: December 9, 2025

Last Updated: December 19, 2025

🔗 References

• https://certvde.com/de/advisories/VDE-2025-071 Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-41746, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)

CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)

CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)