CVE-2025-41717 - Vulnerability Details - OpenCVE

An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation ('Code Injection’).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00097.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

References

Link	Providers
https://certvde.com/de/advisories/VDE-2025-073

History

Tue, 13 Jan 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 13 Jan 2026 08:00:00 +0000

Type	Values Removed	Values Added
Description		An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation ('Code Injection’).
Title		Config-Upload Code Injection
Weaknesses		CWE-94
References		https://certvde.com/de/advisories/VDE-2025-073
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2026-01-13T07:48:19.811Z

Updated: 2026-01-13T14:22:59.709Z

Reserved: 2025-04-16T11:17:48.313Z

Link: CVE-2025-41717

Vulnrichment

Updated: 2026-01-13T14:22:56.870Z

NVD

Status : Awaiting Analysis

Published: 2026-01-13T08:16:03.993

Modified: 2026-01-13T14:03:18.990

Link: CVE-2025-41717

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-41717", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-04-16T11:17:48.313Z", "datePublished": "2026-01-13T07:48:19.811Z", "dateUpdated": "2026-01-13T14:22:59.709Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TC ROUTER 3002T-3G", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.08.8", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC ROUTER 2002T-3G", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.08.8", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC ROUTER 3002T-4G", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.08.8", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC ROUTER 3002T-4G GL", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.08.8", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC ROUTER 5004T-5G EU", "vendor": "Phoenix Contact", "versions": [{"lessThan": "1.06.23", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC ROUTER 3002T-4G VZW", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.08.8", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC ROUTER 3002T-4G ATT", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.08.8", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC ROUTER 2002T-4G", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.08.8", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "CLOUD CLIENT 1101T-TX/TX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.07.7", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC CLOUD CLIENT 1002-4G ATT", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.08.8", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "TC CLOUD CLIENT 1002-TX/TX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.07.7", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation ('Code Injection\u2019).<br>"}], "value": "An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation ('Code Injection\u2019)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-01-13T07:48:19.811Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-073"}], "source": {"advisory": "VDE-2025-073", "defect": ["CERT@VDE#641836"], "discovery": "UNKNOWN"}, "title": "Config-Upload Code Injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-13T14:22:52.131453Z", "id": "CVE-2025-41717", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T14:22:59.709Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41717", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-13T14:22:52.131453Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T14:22:56.870Z"}}], "cna": {"title": "Config-Upload Code Injection", "source": {"defect": ["CERT@VDE#641836"], "advisory": "VDE-2025-073", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Phoenix Contact", "product": "TC ROUTER 3002T-3G", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.08.8", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Phoenix Contact", "product": "TC ROUTER 2002T-3G", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.08.8", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Phoenix Contact", "product": "TC ROUTER 3002T-4G", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.08.8", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Phoenix Contact", "product": "TC ROUTER 3002T-4G GL", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.08.8", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Phoenix Contact", "product": "TC ROUTER 5004T-5G EU", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.06.23", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Phoenix Contact", "product": "TC ROUTER 3002T-4G VZW", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.08.8", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Phoenix Contact", "product": "TC ROUTER 3002T-4G ATT", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.08.8", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Phoenix Contact", "product": "TC ROUTER 2002T-4G", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.08.8", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Phoenix Contact", "product": "CLOUD CLIENT 1101T-TX/TX", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.07.7", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Phoenix Contact", "product": "TC CLOUD CLIENT 1002-4G ATT", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.08.8", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Phoenix Contact", "product": "TC CLOUD CLIENT 1002-TX/TX", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "3.07.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-073"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation ('Code Injection\u2019).", "supportingMedia": [{"type": "text/html", "value": "An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation ('Code Injection\u2019).<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-01-13T07:48:19.811Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41717", "state": "PUBLISHED", "dateUpdated": "2026-01-13T14:22:59.709Z", "dateReserved": "2025-04-16T11:17:48.313Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2026-01-13T07:48:19.811Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.2"}