Cyber Resilience

CVE-2025-25269

High

Published: 08 July 2025

Published
08 July 2025
Modified
11 July 2025
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0015 36.0th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25269 is a high-severity OS Command Injection (CWE-78) vulnerability in Phoenixcontact Charx Sec-3000 Firmware. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 36.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-25269 is an OS command injection vulnerability (CWE-78) published on 2025-07-08T07:15:24.890, carrying a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The flaw enables an unauthenticated local attacker to inject a command that is subsequently executed as root, resulting in privilege escalation. The specific software or component affected is detailed in the referenced advisory.

An unauthenticated local attacker with access to the system can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation grants root-level execution of arbitrary commands, providing high-impact access to confidentiality, integrity, and availability, effectively allowing full system compromise from a local unprivileged position.

The primary advisory from CERT VDE (VDE-2025-019) at https://certvde.com/de/advisories/VDE-2025-019 provides further details on mitigation and patches. Security practitioners should consult this reference for vendor-specific remediation steps.

EU & UK References

Vulnerability details

An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

OS command injection (CWE-78) directly enables local unauthenticated attackers to execute arbitrary commands as root, mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-25271Same product: Phoenixcontact Charx Sec-3000
CVE-2025-24003Same product: Phoenixcontact Charx Sec-3000
CVE-2025-25270Same product: Phoenixcontact Charx Sec-3000
CVE-2025-24385Shared CWE-78
CVE-2026-5967Shared CWE-78
CVE-2026-21418Shared CWE-78
CVE-2025-12744Shared CWE-78
CVE-2026-27806Shared CWE-78
CVE-2026-5208Shared CWE-78
CVE-2025-23383Shared CWE-78

Affected Assets

phoenixcontact
charx sec-3000 firmware
≤ 1.7.3
phoenixcontact
charx sec-3050 firmware
≤ 1.7.3
phoenixcontact
charx sec-3100 firmware
≤ 1.7.3
phoenixcontact
charx sec-3150 firmware
≤ 1.7.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents OS command injection by enforcing input validation and error handling at vulnerable interfaces to block malicious command insertion.

prevent

Addresses the specific flaw in CVE-2025-25269 through timely identification, reporting, and patching to eliminate the command injection vulnerability.

prevent

Mitigates privilege escalation by enforcing least privilege on processes, preventing injected commands from executing with root privileges.

References