Cyber Posture

CVE-2025-25269

High

Published: 08 July 2025

Published
08 July 2025
Modified
11 July 2025
KEV Added
Patch
CVSS Score 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0020 41.5th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25269 is a high-severity OS Command Injection (CWE-78) vulnerability in Phoenixcontact Charx Sec-3000 Firmware. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 41.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents OS command injection by enforcing input validation and error handling at vulnerable interfaces to block malicious command insertion.

SI-2 Flaw Remediation good match
prevent

Addresses the specific flaw in CVE-2025-25269 through timely identification, reporting, and patching to eliminate the command injection vulnerability.

AC-6 Least Privilege good match
prevent

Mitigates privilege escalation by enforcing least privilege on processes, preventing injected commands from executing with root privileges.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

OS command injection (CWE-78) directly enables local unauthenticated attackers to execute arbitrary commands as root, mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.

Deeper analysisAI

CVE-2025-25269 is an OS command injection vulnerability (CWE-78) published on 2025-07-08T07:15:24.890, carrying a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The flaw enables an unauthenticated local attacker to inject a command that is subsequently executed as root, resulting in privilege escalation. The specific software or component affected is detailed in the referenced advisory.

An unauthenticated local attacker with access to the system can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation grants root-level execution of arbitrary commands, providing high-impact access to confidentiality, integrity, and availability, effectively allowing full system compromise from a local unprivileged position.

The primary advisory from CERT VDE (VDE-2025-019) at https://certvde.com/de/advisories/VDE-2025-019 provides further details on mitigation and patches. Security practitioners should consult this reference for vendor-specific remediation steps.

Details

CWE(s)
CWE-78

Affected Products

phoenixcontact
charx sec-3000 firmware
≤ 1.7.3
phoenixcontact
charx sec-3050 firmware
≤ 1.7.3
phoenixcontact
charx sec-3100 firmware
≤ 1.7.3
phoenixcontact
charx sec-3150 firmware
≤ 1.7.3

CVEs Like This One

CVE-2025-25271Same product: Phoenixcontact Charx Sec-3000
CVE-2025-25270Same product: Phoenixcontact Charx Sec-3000
CVE-2025-24003Same product: Phoenixcontact Charx Sec-3000
CVE-2026-27806Shared CWE-78
CVE-2026-5967Shared CWE-78
CVE-2026-21418Shared CWE-78
CVE-2025-12744Shared CWE-78
CVE-2025-24385Shared CWE-78
CVE-2026-24154Shared CWE-78
CVE-2026-5208Shared CWE-78

References