CVE-2025-41747
📋 TL;DR
An unauthenticated cross-site scripting (XSS) vulnerability in pxc_vlanIntfCfg.php allows attackers to trick authenticated users into sending malicious POST requests that modify device configuration parameters via the web-based management interface. This affects systems running vulnerable versions of the affected software with web management enabled. Attackers cannot access system-level resources or steal session cookies due to httpOnly protection.
💻 Affected Systems
- Unknown specific product - referenced in VDE-2025-071 advisory
📦 What is this software?
Fl Nat 2008 Firmware by Phoenixcontact
Fl Nat 2208 Firmware by Phoenixcontact
Fl Nat 2304 2gc 2sfp Firmware by Phoenixcontact
Fl Switch 2005 Firmware by Phoenixcontact
Fl Switch 2008 Firmware by Phoenixcontact
Fl Switch 2008f Firmware by Phoenixcontact
Fl Switch 2016 Firmware by Phoenixcontact
Fl Switch 2105 Firmware by Phoenixcontact
Fl Switch 2108 Firmware by Phoenixcontact
Fl Switch 2116 Firmware by Phoenixcontact
Fl Switch 2204 2tc 2sfx Firmware by Phoenixcontact
Fl Switch 2205 Firmware by Phoenixcontact
Fl Switch 2206 2fx Sm Firmware by Phoenixcontact
Fl Switch 2206 2fx Sm St Firmware by Phoenixcontact
Fl Switch 2206 2fx St Firmware by Phoenixcontact
Fl Switch 2206 2sfx Firmware by Phoenixcontact
Fl Switch 2206 2sfx Pn Firmware by Phoenixcontact
Fl Switch 2206c 2fx Firmware by Phoenixcontact
Fl Switch 2207 Fx Sm Firmware by Phoenixcontact
Fl Switch 2208 Firmware by Phoenixcontact
Fl Switch 2208c Firmware by Phoenixcontact
Fl Switch 2212 2tc 2sfx Firmware by Phoenixcontact
Fl Switch 2214 2fx Sm Firmware by Phoenixcontact
Fl Switch 2214 2sfx Firmware by Phoenixcontact
Fl Switch 2214 2sfx Pn Firmware by Phoenixcontact
Fl Switch 2216 Firmware by Phoenixcontact
Fl Switch 2303 8sp1 by Phoenixcontact
Fl Switch 2304 2gc 2sfp Firmware by Phoenixcontact
Fl Switch 2306 2sfp Firmware by Phoenixcontact
Fl Switch 2306 2sfp Pn Firmware by Phoenixcontact
Fl Switch 2308 Firmware by Phoenixcontact
Fl Switch 2312 2gc 2sfp Firmware by Phoenixcontact
Fl Switch 2314 2sfp Firmware by Phoenixcontact
Fl Switch 2314 2sfp Pn Firmware by Phoenixcontact
Fl Switch 2316 Firmware by Phoenixcontact
Fl Switch 2404 2tc 2sfx Firmware by Phoenixcontact
Fl Switch 2406 2sfx Firmware by Phoenixcontact
Fl Switch 2406 2sfx Pn Firmware by Phoenixcontact
Fl Switch 2408 Firmware by Phoenixcontact
Fl Switch 2412 2tc 2sfx Firmware by Phoenixcontact
Fl Switch 2414 2sfx Firmware by Phoenixcontact
Fl Switch 2414 2sfx Pn Firmware by Phoenixcontact
Fl Switch 2416 Firmware by Phoenixcontact
Fl Switch 2504 2gc 2sfp Firmware by Phoenixcontact
Fl Switch 2506 2sfp Firmware by Phoenixcontact
Fl Switch 2506 2sfp Pn Firmware by Phoenixcontact
Fl Switch 2506 2sfp\/k1 Firmware by Phoenixcontact
Fl Switch 2508 Firmware by Phoenixcontact
Fl Switch 2512 2gc 2sfp Firmware by Phoenixcontact
Fl Switch 2514 2sfp Firmware by Phoenixcontact
Fl Switch 2514 2sfp Pn Firmware by Phoenixcontact
Fl Switch 2516 Firmware by Phoenixcontact
Fl Switch 2608 Firmware by Phoenixcontact
Fl Switch 2708 Firmware by Phoenixcontact
⚠️ Risk & Real-World Impact
Worst Case
An attacker could manipulate device configuration parameters to disrupt network operations, change security settings, or cause service degradation through unauthorized configuration changes.
Likely Case
Attackers would typically use this to modify VLAN configurations, network settings, or other web-accessible parameters to cause operational issues or weaken security posture.
If Mitigated
With proper web application firewalls and input validation, the attack would be blocked before reaching the vulnerable endpoint.
🎯 Exploit Status
Exploitation requires social engineering to trick authenticated users into visiting malicious pages. The vulnerability itself is straightforward XSS.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown - check vendor advisory
Vendor Advisory: https://certvde.com/de/advisories/VDE-2025-071
Restart Required: Yes
Instructions:
1. Check the vendor advisory for affected products and versions. 2. Apply the vendor-provided patch or firmware update. 3. Restart the device/service to apply changes. 4. Verify the fix by testing the vulnerable endpoint.
🔧 Temporary Workarounds
Web Application Firewall
allDeploy a WAF with XSS protection rules to block malicious requests to pxc_vlanIntfCfg.php
Input Validation
allImplement server-side input validation and output encoding for all parameters in the affected script
🧯 If You Can't Patch
- Restrict access to the web management interface using network segmentation and firewall rules
- Implement Content Security Policy (CSP) headers to mitigate XSS impact
🔍 How to Verify
Check if Vulnerable:
Test the pxc_vlanIntfCfg.php endpoint with XSS payloads in POST parameters. Monitor for successful script execution or parameter manipulation.Check Version:
Check web interface version or firmware version through device administration interfaceVerify Fix Applied:
After patching, retest with XSS payloads to confirm they are properly sanitized or blocked. Verify that malicious POST requests no longer affect configuration.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to pxc_vlanIntfCfg.php with script tags or JavaScript payloads
- Configuration changes from unexpected sources
Network Indicators:
- HTTP requests containing XSS payloads targeting the vulnerable endpoint
- Unusual traffic patterns to web management interface
SIEM Query:
source="web_server" AND uri="/pxc_vlanIntfCfg.php" AND (method="POST") AND (content CONTAINS "<script>" OR content CONTAINS "javascript:")