← Back

CVE-2025-24005

nvd nist
Published: Jul 8, 2025Modified: Jul 11, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: info@cert.vde.com (Secondary)

Description

A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.

Affected (4)

Phoenixcontact
4 products
Charx Sec 3000 Firmware
Charx Sec 3050 Firmware
Charx Sec 3100 Firmware
Charx Sec 3150 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Charx Sec 3000 Firmware
Before 1.7.3
Running on/withPlatform Versions
Phoenixcontact
Charx Sec 3000
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Charx Sec 3050 Firmware
Before 1.7.3
Running on/withPlatform Versions
Phoenixcontact
Charx Sec 3050
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Charx Sec 3100 Firmware
Before 1.7.3
Running on/withPlatform Versions
Phoenixcontact
Charx Sec 3100
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Charx Sec 3150 Firmware
Before 1.7.3
Running on/withPlatform Versions
Phoenixcontact
Charx Sec 3150
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (1)

Source: info@cert.vde.com
Third Party Advisory

Timeline

No history available yet.