CVE-2025-41752

Q: What is the severity of CVE-2025-41752?

CVE-2025-41752 has a CVSS score of 7.1 (HIGH). An unauthenticated cross-site scripting (XSS) vulnerability in pxc_portSfp.php allows attackers to trick authenticated users into clicking malicious links that modify device configuration parameters via the web-based management interface. This affects systems running vulnerable versions of the software with web management exposed. The vulnerability does not grant system-level access or session hijacking due to httpOnly cookies.

7.1 HIGH

Cross-Site Scripting

📋 TL;DR

An unauthenticated cross-site scripting (XSS) vulnerability in pxc_portSfp.php allows attackers to trick authenticated users into clicking malicious links that modify device configuration parameters via the web-based management interface. This affects systems running vulnerable versions of the software with web management exposed. The vulnerability does not grant system-level access or session hijacking due to httpOnly cookies.

💻 Affected Systems

Products:

Software using pxc_portSfp.php component

Versions: Specific versions not detailed in advisory

Operating Systems: Not OS-specific - affects web application component

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with web-based management interface enabled and accessible. Exact product names not specified in provided reference.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could change critical device configuration settings, potentially disrupting network operations or enabling further attacks by modifying security parameters.

🟠

Likely Case

Attackers modify non-critical configuration settings, causing operational disruptions or enabling data interception through changed network parameters.

🟢

If Mitigated

With proper input validation and output encoding, the attack fails to execute JavaScript, preventing any configuration changes.

🌐 Internet-Facing: HIGH - Web management interfaces exposed to the internet are directly vulnerable to unauthenticated attacks.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but requires tricking authenticated users.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires social engineering to trick authenticated users into clicking malicious links. No authentication bypass needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided reference

Vendor Advisory: https://certvde.com/en/advisories/VDE-2025-071/

Restart Required: No

Instructions:

1. Check vendor advisory for patch availability. 2. Apply vendor-provided security update. 3. Verify fix by testing XSS payloads.

🔧 Temporary Workarounds

Input Validation and Output Encoding

all

Implement proper input validation and output encoding in pxc_portSfp.php to prevent XSS execution

Manual code review and modification of pxc_portSfp.php

Web Application Firewall (WAF)

all

Deploy WAF with XSS protection rules to block malicious payloads

Configure WAF to filter XSS patterns in URL parameters

🧯 If You Can't Patch

Restrict access to web management interface using network segmentation and firewall rules
Implement Content Security Policy (CSP) headers to restrict script execution

🔍 How to Verify

Check if Vulnerable:

Test with XSS payloads in parameters of pxc_portSfp.php. Example: <script>alert('test')</script>

Check Version:

Check web interface version or consult vendor documentation

Verify Fix Applied:

Retest with same XSS payloads after patch - scripts should not execute

📡 Detection & Monitoring

Log Indicators:

Unusual parameter values in pxc_portSfp.php requests
Multiple failed XSS attempts

Network Indicators:

HTTP requests with script tags in URL parameters to pxc_portSfp.php

SIEM Query:

source="web_logs" AND uri="*pxc_portSfp.php*" AND (param="*<script>*" OR param="*javascript:*")

📊 Metadata

CVE ID: CVE-2025-41752

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CWE: CWE-79

EPSS Score: 0.13% exploit probability (32.8th percentile)

Published: December 9, 2025

Last Updated: December 19, 2025

🔗 References

https://certvde.com/en/advisories/VDE-2025-071/ Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fl Nat 2008 Firmware by Phoenixcontact

Fl Nat 2208 Firmware by Phoenixcontact

Fl Nat 2304 2gc 2sfp Firmware by Phoenixcontact

Fl Switch 2005 Firmware by Phoenixcontact

Fl Switch 2008 Firmware by Phoenixcontact

Fl Switch 2008f Firmware by Phoenixcontact

Fl Switch 2016 Firmware by Phoenixcontact

Fl Switch 2105 Firmware by Phoenixcontact

Fl Switch 2108 Firmware by Phoenixcontact

Fl Switch 2116 Firmware by Phoenixcontact

Fl Switch 2204 2tc 2sfx Firmware by Phoenixcontact

Fl Switch 2205 Firmware by Phoenixcontact

Fl Switch 2206 2fx Firmware by Phoenixcontact

Fl Switch 2206 2fx Sm Firmware by Phoenixcontact

Fl Switch 2206 2fx Sm St Firmware by Phoenixcontact

Fl Switch 2206 2fx St Firmware by Phoenixcontact

Fl Switch 2206 2sfx Firmware by Phoenixcontact

Fl Switch 2206 2sfx Pn Firmware by Phoenixcontact

Fl Switch 2206c 2fx Firmware by Phoenixcontact

Fl Switch 2207 Fx Firmware by Phoenixcontact

Fl Switch 2207 Fx Sm Firmware by Phoenixcontact

Fl Switch 2208 Firmware by Phoenixcontact

Fl Switch 2208 Pn Firmware by Phoenixcontact

Fl Switch 2208c Firmware by Phoenixcontact

Fl Switch 2212 2tc 2sfx Firmware by Phoenixcontact

Fl Switch 2214 2fx Firmware by Phoenixcontact

Fl Switch 2214 2fx Sm Firmware by Phoenixcontact

Fl Switch 2214 2sfx Firmware by Phoenixcontact

Fl Switch 2214 2sfx Pn Firmware by Phoenixcontact

Fl Switch 2216 Firmware by Phoenixcontact

Fl Switch 2216 Pn Firmware by Phoenixcontact

Fl Switch 2303 8sp1 by Phoenixcontact

Fl Switch 2304 2gc 2sfp Firmware by Phoenixcontact

Fl Switch 2306 2sfp Firmware by Phoenixcontact

Fl Switch 2306 2sfp Pn Firmware by Phoenixcontact

Fl Switch 2308 Firmware by Phoenixcontact

Fl Switch 2308 Pn Firmware by Phoenixcontact

Fl Switch 2312 2gc 2sfp Firmware by Phoenixcontact

Fl Switch 2314 2sfp Firmware by Phoenixcontact

Fl Switch 2314 2sfp Pn Firmware by Phoenixcontact

Fl Switch 2316 Firmware by Phoenixcontact

Fl Switch 2316 Pn Firmware by Phoenixcontact

Fl Switch 2316\/k1 Firmware by Phoenixcontact

Fl Switch 2404 2tc 2sfx Firmware by Phoenixcontact

Fl Switch 2406 2sfx Firmware by Phoenixcontact

Fl Switch 2406 2sfx Pn Firmware by Phoenixcontact

Fl Switch 2408 Firmware by Phoenixcontact

Fl Switch 2408 Pn Firmware by Phoenixcontact

Fl Switch 2412 2tc 2sfx Firmware by Phoenixcontact

Fl Switch 2414 2sfx Firmware by Phoenixcontact

Fl Switch 2414 2sfx Pn Firmware by Phoenixcontact

Fl Switch 2416 Firmware by Phoenixcontact

Fl Switch 2416 Pn Firmware by Phoenixcontact

Fl Switch 2504 2gc 2sfp Firmware by Phoenixcontact

Fl Switch 2506 2sfp Firmware by Phoenixcontact

Fl Switch 2506 2sfp Pn Firmware by Phoenixcontact

Fl Switch 2506 2sfp\/k1 Firmware by Phoenixcontact

Fl Switch 2508 Firmware by Phoenixcontact

Fl Switch 2508 Pn Firmware by Phoenixcontact

Fl Switch 2508\/k1 Firmware by Phoenixcontact

Fl Switch 2512 2gc 2sfp Firmware by Phoenixcontact

Fl Switch 2514 2sfp Firmware by Phoenixcontact

Fl Switch 2514 2sfp Pn Firmware by Phoenixcontact

Fl Switch 2516 Firmware by Phoenixcontact

Fl Switch 2516 Pn Firmware by Phoenixcontact

Fl Switch 2608 Firmware by Phoenixcontact

Fl Switch 2608 Pn Firmware by Phoenixcontact

Fl Switch 2708 Firmware by Phoenixcontact

Fl Switch 2708 Pn Firmware by Phoenixcontact