Login Sign Up

CVE-2025-41750

7.1 HIGH
Cross-Site Scripting

📋 TL;DR

An unauthenticated cross-site scripting (XSS) vulnerability in pxc_PortCfg.php allows attackers to trick authenticated users into clicking malicious links, enabling unauthorized changes to device configuration parameters via the web-based management interface. This affects systems running vulnerable versions of the software with web management exposed. The vulnerability does not allow system-level access or session hijacking due to httpOnly cookie protection.

💻 Affected Systems

Products:
  • Unknown specific product - referenced as affected software with pxc_PortCfg.php
Versions: Unknown specific versions
Operating Systems: Unknown
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with web-based management interface accessible. The specific product name is not provided in the CVE description.

📦 What is this software?

Fl Nat 2008 Firmware by Phoenixcontact

View all CVEs affecting Fl Nat 2008 Firmware →

Fl Nat 2208 Firmware by Phoenixcontact

View all CVEs affecting Fl Nat 2208 Firmware →

Fl Nat 2304 2gc 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Nat 2304 2gc 2sfp Firmware →

Fl Switch 2005 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2005 Firmware →

Fl Switch 2008 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2008 Firmware →

Fl Switch 2008f Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2008f Firmware →

Fl Switch 2016 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2016 Firmware →

Fl Switch 2105 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2105 Firmware →

Fl Switch 2108 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2108 Firmware →

Fl Switch 2116 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2116 Firmware →

Fl Switch 2204 2tc 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2204 2tc 2sfx Firmware →

Fl Switch 2205 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2205 Firmware →

Fl Switch 2206 2fx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2206 2fx Firmware →

Fl Switch 2206 2fx Sm Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2206 2fx Sm Firmware →

Fl Switch 2206 2fx Sm St Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2206 2fx Sm St Firmware →

Fl Switch 2206 2fx St Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2206 2fx St Firmware →

Fl Switch 2206 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2206 2sfx Firmware →

Fl Switch 2206 2sfx Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2206 2sfx Pn Firmware →

Fl Switch 2206c 2fx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2206c 2fx Firmware →

Fl Switch 2207 Fx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2207 Fx Firmware →

Fl Switch 2207 Fx Sm Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2207 Fx Sm Firmware →

Fl Switch 2208 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2208 Firmware →

Fl Switch 2208 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2208 Pn Firmware →

Fl Switch 2208c Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2208c Firmware →

Fl Switch 2212 2tc 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2212 2tc 2sfx Firmware →

Fl Switch 2214 2fx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2214 2fx Firmware →

Fl Switch 2214 2fx Sm Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2214 2fx Sm Firmware →

Fl Switch 2214 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2214 2sfx Firmware →

Fl Switch 2214 2sfx Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2214 2sfx Pn Firmware →

Fl Switch 2216 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2216 Firmware →

Fl Switch 2216 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2216 Pn Firmware →

Fl Switch 2303 8sp1 by Phoenixcontact

View all CVEs affecting Fl Switch 2303 8sp1 →

Fl Switch 2304 2gc 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2304 2gc 2sfp Firmware →

Fl Switch 2306 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2306 2sfp Firmware →

Fl Switch 2306 2sfp Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2306 2sfp Pn Firmware →

Fl Switch 2308 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2308 Firmware →

Fl Switch 2308 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2308 Pn Firmware →

Fl Switch 2312 2gc 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2312 2gc 2sfp Firmware →

Fl Switch 2314 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2314 2sfp Firmware →

Fl Switch 2314 2sfp Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2314 2sfp Pn Firmware →

Fl Switch 2316 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2316 Firmware →

Fl Switch 2316 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2316 Pn Firmware →

Fl Switch 2316\/k1 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2316\/k1 Firmware →

Fl Switch 2404 2tc 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2404 2tc 2sfx Firmware →

Fl Switch 2406 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2406 2sfx Firmware →

Fl Switch 2406 2sfx Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2406 2sfx Pn Firmware →

Fl Switch 2408 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2408 Firmware →

Fl Switch 2408 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2408 Pn Firmware →

Fl Switch 2412 2tc 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2412 2tc 2sfx Firmware →

Fl Switch 2414 2sfx Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2414 2sfx Firmware →

Fl Switch 2414 2sfx Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2414 2sfx Pn Firmware →

Fl Switch 2416 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2416 Firmware →

Fl Switch 2416 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2416 Pn Firmware →

Fl Switch 2504 2gc 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2504 2gc 2sfp Firmware →

Fl Switch 2506 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2506 2sfp Firmware →

Fl Switch 2506 2sfp Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2506 2sfp Pn Firmware →

Fl Switch 2506 2sfp\/k1 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2506 2sfp\/k1 Firmware →

Fl Switch 2508 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2508 Firmware →

Fl Switch 2508 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2508 Pn Firmware →

Fl Switch 2508\/k1 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2508\/k1 Firmware →

Fl Switch 2512 2gc 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2512 2gc 2sfp Firmware →

Fl Switch 2514 2sfp Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2514 2sfp Firmware →

Fl Switch 2514 2sfp Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2514 2sfp Pn Firmware →

Fl Switch 2516 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2516 Firmware →

Fl Switch 2516 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2516 Pn Firmware →

Fl Switch 2608 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2608 Firmware →

Fl Switch 2608 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2608 Pn Firmware →

Fl Switch 2708 Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2708 Firmware →

Fl Switch 2708 Pn Firmware by Phoenixcontact

View all CVEs affecting Fl Switch 2708 Pn Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could modify critical device configuration parameters, potentially disrupting network operations or enabling further attacks by changing security settings.

🟠

Likely Case

Attackers modify non-critical configuration settings, causing operational disruptions or enabling data interception through parameter changes.

🟢

If Mitigated

With proper input validation and output encoding, the attack would fail to execute malicious scripts, preventing unauthorized configuration changes.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires social engineering to trick authenticated users into clicking malicious links. No authentication bypass needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://certvde.com/de/advisories/VDE-2025-071

Restart Required: No

Instructions:

1. Monitor vendor advisory for patch availability. 2. Apply vendor-provided security updates when released. 3. Verify fix by testing XSS payloads against patched version.

🔧 Temporary Workarounds

Input Validation and Output Encoding

all

Implement proper input validation and output encoding in pxc_PortCfg.php to prevent XSS payload execution.

Web Application Firewall (WAF)

all

Deploy WAF with XSS protection rules to block malicious requests.

🧯 If You Can't Patch

  • Restrict access to web management interface using network segmentation and firewall rules
  • Implement Content Security Policy (CSP) headers to mitigate XSS impact

🔍 How to Verify

Check if Vulnerable:

Test pxc_PortCfg.php with XSS payloads like <script>alert('XSS')</script> in parameters and check if script executes.

Check Version:

Unknown - check software documentation for version identification

Verify Fix Applied:

Retest with XSS payloads after applying fixes; scripts should not execute and input should be properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual parameter values in pxc_PortCfg.php requests
  • Script tags or JavaScript in URL parameters

Network Indicators:

  • HTTP requests to pxc_PortCfg.php with suspicious parameters
  • Multiple failed attempts with XSS payloads

SIEM Query:

source="web_logs" AND uri="*pxc_PortCfg.php*" AND (param="*<script>*" OR param="*javascript:*")

📊 Metadata

CVE ID: CVE-2025-41750
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CWE: CWE-79
EPSS Score: 0.13% exploit probability (32.8th percentile)
Published: December 9, 2025
Last Updated: December 19, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-41750, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)