CVE-2025-41748

Q: What is the severity of CVE-2025-41748?

CVE-2025-41748 has a CVSS score of 7.1 (HIGH). An unauthenticated cross-site scripting (XSS) vulnerability in pxc_Dot1xCfg.php allows attackers to trick authenticated users into clicking malicious links, enabling unauthorized changes to device configuration parameters accessible via web-based management. This affects systems running vulnerable versions of the software with web interfaces exposed. The vulnerability does not allow system-level access or session hijacking due to httpOnly cookie protection.

7.1 HIGH

Cross-Site Scripting

📋 TL;DR

An unauthenticated cross-site scripting (XSS) vulnerability in pxc_Dot1xCfg.php allows attackers to trick authenticated users into clicking malicious links, enabling unauthorized changes to device configuration parameters accessible via web-based management. This affects systems running vulnerable versions of the software with web interfaces exposed. The vulnerability does not allow system-level access or session hijacking due to httpOnly cookie protection.

💻 Affected Systems

Products:

Specific product information not provided in CVE description

Versions: Version information not specified in provided CVE details

Operating Systems: Not specified

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with web-based management interface accessible. The vulnerability is in pxc_Dot1xCfg.php component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could modify critical device configuration parameters, potentially disrupting network operations or enabling further attacks through changed settings.

🟠

Likely Case

Attackers modify non-critical configuration settings, causing operational issues or preparing for follow-up attacks.

🟢

If Mitigated

Limited impact due to httpOnly cookies preventing session theft, with only configuration changes possible within authenticated user's permissions.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing interfaces particularly vulnerable to attack.

🏢 Internal Only: MEDIUM - Internal attackers could still exploit this, but requires tricking authenticated users.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires social engineering to trick authenticated users into clicking malicious links. No authentication bypass needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: https://certvde.com/de/advisories/VDE-2025-071

Restart Required: No

Instructions:

1. Check vendor advisory for patch availability. 2. Apply vendor-provided security updates. 3. Verify fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement proper input validation and output encoding for user-supplied data in pxc_Dot1xCfg.php

Web Application Firewall

all

Deploy WAF with XSS protection rules to block malicious payloads

🧯 If You Can't Patch

Restrict access to web management interface using network segmentation and firewall rules
Implement Content Security Policy (CSP) headers to mitigate XSS impact

🔍 How to Verify

Check if Vulnerable:

Test pxc_Dot1xCfg.php endpoint with XSS payloads to see if they execute in authenticated context

Check Version:

Check software version via web interface or system documentation

Verify Fix Applied:

Retest with XSS payloads after applying fixes to confirm they no longer execute

📡 Detection & Monitoring

Log Indicators:

Unusual parameter values in pxc_Dot1xCfg.php requests
Multiple failed authentication attempts followed by configuration changes

Network Indicators:

HTTP requests to pxc_Dot1xCfg.php with suspicious parameter values
Unusual configuration change patterns

SIEM Query:

source="web_logs" AND uri="*pxc_Dot1xCfg.php*" AND (param="*<script>*" OR param="*javascript:*")

📊 Metadata

CVE ID: CVE-2025-41748

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CWE: CWE-79

EPSS Score: 0.13% exploit probability (32.8th percentile)

Published: December 9, 2025

Last Updated: December 19, 2025

🔗 References

https://certvde.com/de/advisories/VDE-2025-071 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fl Nat 2008 Firmware by Phoenixcontact

Fl Nat 2208 Firmware by Phoenixcontact

Fl Nat 2304 2gc 2sfp Firmware by Phoenixcontact

Fl Switch 2005 Firmware by Phoenixcontact

Fl Switch 2008 Firmware by Phoenixcontact

Fl Switch 2008f Firmware by Phoenixcontact

Fl Switch 2016 Firmware by Phoenixcontact

Fl Switch 2105 Firmware by Phoenixcontact

Fl Switch 2108 Firmware by Phoenixcontact

Fl Switch 2116 Firmware by Phoenixcontact

Fl Switch 2204 2tc 2sfx Firmware by Phoenixcontact

Fl Switch 2205 Firmware by Phoenixcontact

Fl Switch 2206 2fx Firmware by Phoenixcontact

Fl Switch 2206 2fx Sm Firmware by Phoenixcontact

Fl Switch 2206 2fx Sm St Firmware by Phoenixcontact

Fl Switch 2206 2fx St Firmware by Phoenixcontact

Fl Switch 2206 2sfx Firmware by Phoenixcontact

Fl Switch 2206 2sfx Pn Firmware by Phoenixcontact

Fl Switch 2206c 2fx Firmware by Phoenixcontact

Fl Switch 2207 Fx Firmware by Phoenixcontact

Fl Switch 2207 Fx Sm Firmware by Phoenixcontact

Fl Switch 2208 Firmware by Phoenixcontact

Fl Switch 2208 Pn Firmware by Phoenixcontact

Fl Switch 2208c Firmware by Phoenixcontact

Fl Switch 2212 2tc 2sfx Firmware by Phoenixcontact

Fl Switch 2214 2fx Firmware by Phoenixcontact

Fl Switch 2214 2fx Sm Firmware by Phoenixcontact

Fl Switch 2214 2sfx Firmware by Phoenixcontact

Fl Switch 2214 2sfx Pn Firmware by Phoenixcontact

Fl Switch 2216 Firmware by Phoenixcontact

Fl Switch 2216 Pn Firmware by Phoenixcontact

Fl Switch 2303 8sp1 by Phoenixcontact

Fl Switch 2304 2gc 2sfp Firmware by Phoenixcontact

Fl Switch 2306 2sfp Firmware by Phoenixcontact

Fl Switch 2306 2sfp Pn Firmware by Phoenixcontact

Fl Switch 2308 Firmware by Phoenixcontact

Fl Switch 2308 Pn Firmware by Phoenixcontact

Fl Switch 2312 2gc 2sfp Firmware by Phoenixcontact

Fl Switch 2314 2sfp Firmware by Phoenixcontact

Fl Switch 2314 2sfp Pn Firmware by Phoenixcontact

Fl Switch 2316 Firmware by Phoenixcontact

Fl Switch 2316 Pn Firmware by Phoenixcontact

Fl Switch 2316\/k1 Firmware by Phoenixcontact

Fl Switch 2404 2tc 2sfx Firmware by Phoenixcontact

Fl Switch 2406 2sfx Firmware by Phoenixcontact

Fl Switch 2406 2sfx Pn Firmware by Phoenixcontact

Fl Switch 2408 Firmware by Phoenixcontact

Fl Switch 2408 Pn Firmware by Phoenixcontact

Fl Switch 2412 2tc 2sfx Firmware by Phoenixcontact

Fl Switch 2414 2sfx Firmware by Phoenixcontact

Fl Switch 2414 2sfx Pn Firmware by Phoenixcontact

Fl Switch 2416 Firmware by Phoenixcontact

Fl Switch 2416 Pn Firmware by Phoenixcontact

Fl Switch 2504 2gc 2sfp Firmware by Phoenixcontact

Fl Switch 2506 2sfp Firmware by Phoenixcontact

Fl Switch 2506 2sfp Pn Firmware by Phoenixcontact

Fl Switch 2506 2sfp\/k1 Firmware by Phoenixcontact

Fl Switch 2508 Firmware by Phoenixcontact

Fl Switch 2508 Pn Firmware by Phoenixcontact

Fl Switch 2508\/k1 Firmware by Phoenixcontact

Fl Switch 2512 2gc 2sfp Firmware by Phoenixcontact

Fl Switch 2514 2sfp Firmware by Phoenixcontact

Fl Switch 2514 2sfp Pn Firmware by Phoenixcontact

Fl Switch 2516 Firmware by Phoenixcontact

Fl Switch 2516 Pn Firmware by Phoenixcontact

Fl Switch 2608 Firmware by Phoenixcontact

Fl Switch 2608 Pn Firmware by Phoenixcontact

Fl Switch 2708 Firmware by Phoenixcontact

Fl Switch 2708 Pn Firmware by Phoenixcontact