CVE-2025-41749

Q: What is the severity of CVE-2025-41749?

CVE-2025-41749 has a CVSS score of 7.1 (HIGH). An unauthenticated cross-site scripting (XSS) vulnerability in port_util.php allows attackers to trick authenticated users into clicking malicious links, enabling unauthorized changes to device configuration parameters accessible through the web-based management interface. This affects systems running vulnerable versions of the software with web-based management enabled. The vulnerability does not allow system-level access or session hijacking due to httpOnly cookie protection.

7.1 HIGH

Cross-Site Scripting

📋 TL;DR

An unauthenticated cross-site scripting (XSS) vulnerability in port_util.php allows attackers to trick authenticated users into clicking malicious links, enabling unauthorized changes to device configuration parameters accessible through the web-based management interface. This affects systems running vulnerable versions of the software with web-based management enabled. The vulnerability does not allow system-level access or session hijacking due to httpOnly cookie protection.

💻 Affected Systems

Products:

Specific product information not provided in CVE description

Versions: Version information not specified in provided CVE details

Operating Systems: Not specified

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with web-based management interface accessible and port_util.php present. The vulnerability requires user interaction (clicking malicious link).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could modify critical device configuration settings, potentially disrupting operations or enabling further attacks by changing network settings, access controls, or security parameters.

🟠

Likely Case

Attackers trick authenticated administrators into clicking malicious links, leading to unauthorized configuration changes that could affect device functionality or security settings.

🟢

If Mitigated

With proper user awareness training and network segmentation, impact is limited to configuration changes that can be audited and reverted by administrators.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires social engineering to trick authenticated users into clicking malicious links. No authentication bypass needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: https://certvde.com/de/advisories/VDE-2025-071

Restart Required: No

Instructions:

1. Check vendor advisory for patch availability. 2. Apply vendor-provided security updates. 3. Verify patch installation. 4. Test web interface functionality.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement proper input validation and output encoding in port_util.php to prevent XSS payload execution

Not applicable - requires code changes

Web Application Firewall

all

Deploy WAF with XSS protection rules to block malicious requests

Not applicable - configuration dependent

🧯 If You Can't Patch

Restrict access to web-based management interface using network segmentation and firewall rules
Implement user awareness training about phishing and suspicious links in management interfaces

🔍 How to Verify

Check if Vulnerable:

Check if port_util.php exists in web directory and test for XSS vulnerabilities using security scanners or manual testing with payloads like <script>alert('XSS')</script>

Check Version:

Check software version through web interface or system documentation

Verify Fix Applied:

Test with XSS payloads after patch application to confirm they are properly sanitized and do not execute

📡 Detection & Monitoring

Log Indicators:

Unusual parameter values in port_util.php requests
Multiple failed attempts with script tags in parameters
Configuration changes from unexpected sources

Network Indicators:

HTTP requests to port_util.php with script tags or encoded payloads in parameters
Unusual traffic patterns to management interface

SIEM Query:

source="web_logs" AND uri="*port_util.php*" AND (param="*<script>*" OR param="*javascript:*" OR param="*onerror=*" OR param="*onload=*")

📊 Metadata

CVE ID: CVE-2025-41749

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CWE: CWE-79

EPSS Score: 0.1% exploit probability (26.7th percentile)

Published: December 9, 2025

Last Updated: December 19, 2025

🔗 References

https://certvde.com/de/advisories/VDE-2025-071 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fl Nat 2008 Firmware by Phoenixcontact

Fl Nat 2208 Firmware by Phoenixcontact

Fl Nat 2304 2gc 2sfp Firmware by Phoenixcontact

Fl Switch 2005 Firmware by Phoenixcontact

Fl Switch 2008 Firmware by Phoenixcontact

Fl Switch 2008f Firmware by Phoenixcontact

Fl Switch 2016 Firmware by Phoenixcontact

Fl Switch 2105 Firmware by Phoenixcontact

Fl Switch 2108 Firmware by Phoenixcontact

Fl Switch 2116 Firmware by Phoenixcontact

Fl Switch 2204 2tc 2sfx Firmware by Phoenixcontact

Fl Switch 2205 Firmware by Phoenixcontact

Fl Switch 2206 2fx Firmware by Phoenixcontact

Fl Switch 2206 2fx Sm Firmware by Phoenixcontact

Fl Switch 2206 2fx Sm St Firmware by Phoenixcontact

Fl Switch 2206 2fx St Firmware by Phoenixcontact

Fl Switch 2206 2sfx Firmware by Phoenixcontact

Fl Switch 2206 2sfx Pn Firmware by Phoenixcontact

Fl Switch 2206c 2fx Firmware by Phoenixcontact

Fl Switch 2207 Fx Firmware by Phoenixcontact

Fl Switch 2207 Fx Sm Firmware by Phoenixcontact

Fl Switch 2208 Firmware by Phoenixcontact

Fl Switch 2208 Pn Firmware by Phoenixcontact

Fl Switch 2208c Firmware by Phoenixcontact

Fl Switch 2212 2tc 2sfx Firmware by Phoenixcontact

Fl Switch 2214 2fx Firmware by Phoenixcontact

Fl Switch 2214 2fx Sm Firmware by Phoenixcontact

Fl Switch 2214 2sfx Firmware by Phoenixcontact

Fl Switch 2214 2sfx Pn Firmware by Phoenixcontact

Fl Switch 2216 Firmware by Phoenixcontact

Fl Switch 2216 Pn Firmware by Phoenixcontact

Fl Switch 2303 8sp1 by Phoenixcontact

Fl Switch 2304 2gc 2sfp Firmware by Phoenixcontact

Fl Switch 2306 2sfp Firmware by Phoenixcontact

Fl Switch 2306 2sfp Pn Firmware by Phoenixcontact

Fl Switch 2308 Firmware by Phoenixcontact

Fl Switch 2308 Pn Firmware by Phoenixcontact

Fl Switch 2312 2gc 2sfp Firmware by Phoenixcontact

Fl Switch 2314 2sfp Firmware by Phoenixcontact

Fl Switch 2314 2sfp Pn Firmware by Phoenixcontact

Fl Switch 2316 Firmware by Phoenixcontact

Fl Switch 2316 Pn Firmware by Phoenixcontact

Fl Switch 2316\/k1 Firmware by Phoenixcontact

Fl Switch 2404 2tc 2sfx Firmware by Phoenixcontact

Fl Switch 2406 2sfx Firmware by Phoenixcontact

Fl Switch 2406 2sfx Pn Firmware by Phoenixcontact

Fl Switch 2408 Firmware by Phoenixcontact

Fl Switch 2408 Pn Firmware by Phoenixcontact

Fl Switch 2412 2tc 2sfx Firmware by Phoenixcontact

Fl Switch 2414 2sfx Firmware by Phoenixcontact

Fl Switch 2414 2sfx Pn Firmware by Phoenixcontact

Fl Switch 2416 Firmware by Phoenixcontact

Fl Switch 2416 Pn Firmware by Phoenixcontact

Fl Switch 2504 2gc 2sfp Firmware by Phoenixcontact

Fl Switch 2506 2sfp Firmware by Phoenixcontact

Fl Switch 2506 2sfp Pn Firmware by Phoenixcontact

Fl Switch 2506 2sfp\/k1 Firmware by Phoenixcontact

Fl Switch 2508 Firmware by Phoenixcontact

Fl Switch 2508 Pn Firmware by Phoenixcontact

Fl Switch 2508\/k1 Firmware by Phoenixcontact

Fl Switch 2512 2gc 2sfp Firmware by Phoenixcontact

Fl Switch 2514 2sfp Firmware by Phoenixcontact

Fl Switch 2514 2sfp Pn Firmware by Phoenixcontact

Fl Switch 2516 Firmware by Phoenixcontact

Fl Switch 2516 Pn Firmware by Phoenixcontact

Fl Switch 2608 Firmware by Phoenixcontact

Fl Switch 2608 Pn Firmware by Phoenixcontact

Fl Switch 2708 Firmware by Phoenixcontact

Fl Switch 2708 Pn Firmware by Phoenixcontact